Ecmall 2.3.0 /app/my_goods.app.php SQL injection vulnerability

Published: 2025-04-13
Revised: 2025-04-13

Brief description:

If you don't fix them, I'll report them one by one.

Detailed description:

Affected file: /app/my_goods.app.php

Code region:

<pre><code>function brand_list()
{
    if (!empty($_GET['brand_name']) || !empty($_GET['store']))
    {
        $_GET['brand_name'] && $filtered = " AND brand_name LIKE '%{$_GET['brand_name']}%'";
        $_GET['store'] && $filtered = $filtered . " AND store_id = " . $this->_store_id;
    }
    if (isset($_GET['sort']) && isset($_GET['order']))
    {
        $sort = strtolower(trim($_GET['sort'])); // not filtered
        $order = strtolower(trim($_GET['order']));
        if (!in_array($order, array('asc', 'desc')))
        {
            $sort = 'store_id';
            $order = 'desc';
        }
    }
    else
    {
        $sort = 'store_id';
        $order = 'desc';
    }
    $page = $this->_get_page(10);
    $conditions = $this->_get_query_conditions($con);
    $brand = $this->_brand_mod->find(array( // trace this call
        'conditions' => "(1=1 $conditions)" . $filtered,
        'limit'...</code></pre>
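As an added example (not Ecmall's own code), the same parameter handling written defensively: `sort` and `order` are checked against a whitelist because identifiers cannot be bound as placeholders, and `brand_name` is passed as a bound value with its LIKE wildcards escaped rather than being interpolated into the SQL. The table name `brand`, the column names in `$allowed_sort` and the use of PDO are assumptions, since the page does not show how Ecmall's `find()` consumes these values.

```php
<?php
// Added example, not Ecmall code. Builds the WHERE and ORDER BY fragments for the
// brand list without interpolating request data into SQL. Table/column names are assumed.
function build_brand_query(array $get, int $store_id): array
{
    $where  = '1=1';
    $params = [];

    // brand_name is bound as a parameter; % and _ in user input are escaped so a
    // caller cannot widen the LIKE match (MySQL's default escape char is backslash).
    if (!empty($get['brand_name'])) {
        $name = addcslashes($get['brand_name'], '%_\\');
        $where .= ' AND brand_name LIKE :brand_name';
        $params[':brand_name'] = '%' . $name . '%';
    }
    // store_id comes from the authenticated store context, never from the request.
    if (!empty($get['store'])) {
        $where .= ' AND store_id = :store_id';
        $params[':store_id'] = $store_id;
    }

    // Identifiers cannot be placeholders, so both sort and order are whitelisted.
    // Unlike the original, an unknown sort column falls back to the default too.
    $allowed_sort = ['brand_id', 'brand_name', 'store_id', 'add_time']; // assumed columns
    $sort  = isset($get['sort'])  ? strtolower(trim($get['sort']))  : 'store_id';
    $order = isset($get['order']) ? strtolower(trim($get['order'])) : 'desc';
    if (!in_array($sort, $allowed_sort, true) || !in_array($order, ['asc', 'desc'], true)) {
        $sort  = 'store_id';
        $order = 'desc';
    }

    return [
        'sql'    => "SELECT * FROM brand WHERE $where ORDER BY $sort $order",
        'params' => $params,
    ];
}

// Constructed request: a brand name containing a quote and LIKE wildcards, plus a
// sort value that is not a known column. The name is bound, the sort is rejected.
$q = build_brand_query(
    ['brand_name' => "O'Neil_%", 'sort' => 'unknown_col', 'order' => 'desc', 'store' => 1],
    42
);
print_r($q);
// Execute with PDO:  $stmt = $pdo->prepare($q['sql']); $stmt->execute($q['params']);
```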

No Exp or PoC available yet
Currently 0 affected product records