admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-20 18:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create CVE-2022-32300.md

Browse Source 
add CVE-2022-32300
This commit is contained in:
Goby 2023-04-06 20:06:49 +08:00 committed by GitHub
parent e47f88ee0d
commit f3f948aba4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
CVE-2022-32300.md Normal file
View File

@ -0,0 +1,12 @@
## YoudianCMS v9.5.0 SQL Injection (CVE-2022-32300)
| **Vulnerability** | **YoudianCMS v9.5.0 SQL Injection (CVE-2022-32300)** |
| :----: | :-----|
| **Chinese name** | YoudianCMS v9.5.0 sql注入CVE-2022-32300 |
| **CVSS core** | 8.8 |
| **FOFA Query** (click to view the results directly)| [body="YoudianCMS"](https://fofa.info/result?qbase64=Ym9keT0iWW91ZGlhbkNNUyI%3D) |
| **Number of assets affected** | 987 |
| **Description** | YouDianCMS is a website CMS. YoudianCMS v9.5.0 version exists security holes, the vulnerability stems from a pass/App/Lib/Action/Admin/MailAction class. PHP MailSendID parameters of SQL injection vulnerabilities are found out. |
| **Impact** | Able to read some sensitive files through SQL injection vulnerability. |
![](https://s3.bmp.ovh/imgs/2023/04/06/b6d2916d8bfa2662.gif)