PJBlog blog system admin Action.asp page DelUserID variable filtering...

Published: 2025-04-13
Revised: 2025-04-13

In the file control/Action.asp:

    ElseIf Request.Form("whatdo") = "DelUser" Then ' line 510
        Dim DelUserID, DelUserName, blogmemberNum, DelUserStatus
        ' DelID is taken straight from the POST body
        DelUserID = Request.Form("DelID")
        blogmemberNum = conn.Execute("select count(mem_ID) from blog_Member where mem_Status='SupAdmin'")(0)

        ' DelUserID is concatenated into the query unfiltered
        DelUserStatus = conn.Execute("select mem_Status from blog_Member where mem_ID="&DelUserID)(0)

The variable DelUserID is placed into the SQL statement without any filtering, which results in a SQL injection vulnerability.

PJblog 3.0 Beta

-------

The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's site:
http://bbs.pjhome.net/thread-48122-1-1.html
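One way to close the injection in the DelUser branch, shown as an added example (not PJBlog code and not the vendor's patch): accept only a plain decimal ID and bind it as a query parameter. TryParseID and GetMemberStatus are hypothetical helper names; the example assumes mem_ID is an integer column and conn is the open ADODB.Connection already used in Action.asp.

```vbscript
' Added example, not PJBlog or vendor code.
' Assumption: mem_ID is an integer column; conn is an open ADODB.Connection.

' Hypothetical helper: True (and outID set) only for a plain decimal ID.
Function TryParseID(raw, ByRef outID)
    Dim re, s
    TryParseID = False
    s = Trim(raw & "")            ' Null/Empty become ""
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"   ' IsNumeric would also accept "1e3" or "&H1F"
    If re.Test(s) Then
        outID = CLng(s)           ' at most 9 digits, always fits in a Long
        TryParseID = True
    End If
End Function

' Hypothetical helper: reads mem_Status using a bound parameter, so the
' value is never parsed as part of the SQL text.
Function GetMemberStatus(conn, memID)
    Const adCmdText = 1, adInteger = 3, adParamInput = 1
    Dim cmd, rs
    GetMemberStatus = Null        ' Null means no such member
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "select mem_Status from blog_Member where mem_ID = ?"
    cmd.Parameters.Append cmd.CreateParameter("memID", adInteger, adParamInput, , memID)
    Set rs = cmd.Execute
    If Not rs.EOF Then GetMemberStatus = rs(0)
    rs.Close
End Function

' Use inside the DelUser branch: reject anything that is not a decimal ID.
Dim DelUserID, DelUserStatus
If Not TryParseID(Request.Form("DelID"), DelUserID) Then
    Response.Status = "400 Bad Request"
    Response.End
End If
DelUserStatus = GetMemberStatus(conn, DelUserID)
```

Any later statement in the same branch that reuses DelUserID should go through the same bound-parameter path rather than string concatenation.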

No Exp or PoC currently available
Currently 0 affected product entries