mirror of
https://github.com/gobysec/GobyVuls.git
synced 2025-05-05 10:16:59 +00:00
Create MCMS_list_Interface_sqlWhere_Sql_Injection_Vulnerability.md
add MCMS_list_Interface_sqlWhere_Sql_Injection_Vulnerability
This commit is contained in:
parent
a0870fc05f
commit
ee48e84503
12
MCMS_list_Interface_sqlWhere_Sql_Injection_Vulnerability.md
Normal file
12
MCMS_list_Interface_sqlWhere_Sql_Injection_Vulnerability.md
Normal file
@ -0,0 +1,12 @@
|
||||
## MCMS list Interface sqlWhere Sql Injection Vulnerability
|
||||
|
||||
| **Vulnerability** | **MCMS list Interface sqlWhere Sql Injection Vulnerability** |
|
||||
| :----: | :-----|
|
||||
| **Chinese name** | 铭飞 CMS list 接口 sqlWhere 参数 sql 注入漏洞 |
|
||||
| **CVSS core** | 7.5 |
|
||||
| **FOFA Query** (click to view the results directly)| [body=\"铭飞MCMS\" \|\| body=\"/mdiy/formData/save.do\" \|\| body=\"static/plugins/ms/1.0.0/ms.js\"](https://en.fofa.info/result?qbase64=Ym9keT0i6ZOt6aOeTUNNUyIgfHwgYm9keT0iL21kaXkvZm9ybURhdGEvc2F2ZS5kbyIgfHwgYm9keT0ic3RhdGljL3BsdWdpbnMvbXMvMS4wLjAvbXMuanMi) |
|
||||
| **Number of assets affected** | 3091 |
|
||||
| **Description** | MCMS is a set of lightweight open source content management system developed based on java. It is simple, safe, open source and free. It can run on Linux, Windows, MacOSX, Solaris and other platforms. The system has an sql injection vulnerability before the 5.2.10 version. You can use this vulnerability to obtain sensitive information |
|
||||
| **Impact** | In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions. |
|
||||
|
||||

|
Loading…
x
Reference in New Issue
Block a user