## YoudianCMS v9.5.0 SQL Injection (CVE-2022-32300)

|   **Vulnerability**  | **YoudianCMS v9.5.0 SQL Injection (CVE-2022-32300)**  |
| :----:   | :-----|
|  **Chinese name**  | YoudianCMS v9.5.0 sql注入（CVE-2022-32300） |
| **CVSS core**  | 8.8 |
| **FOFA Query**  (click to view the results directly)| [body="YoudianCMS"](https://fofa.info/result?qbase64=Ym9keT0iWW91ZGlhbkNNUyI%3D) |
| **Number of assets affected**  | 987 |
| **Description**  | YouDianCMS is a website CMS. YoudianCMS v9.5.0 version exists security holes, the vulnerability stems from a pass/App/Lib/Action/Admin/MailAction class. PHP MailSendID parameters of SQL injection vulnerabilities are found out. |
| **Impact** | Able to read some sensitive files through SQL injection vulnerability. |

![](https://s3.bmp.ovh/imgs/2023/04/06/b6d2916d8bfa2662.gif)