DedeCMS 2007 group/search.php SQL injection vulnerability

Published: 2025-04-13
Revised: 2025-04-13

group/search.php

```php
// ... (code omitted in the original advisory)
if(empty($sad)) $sad = "t";
if(empty($keyword)){
    ShowMsg("错误,请输入搜索关键字!","-1");
    exit();
}
if($sad=="g"){
    $searchtable = "#@__groups";
    // $keyword is concatenated into the LIKE clause unmodified
    $WhereSql = "WHERE ishidden=0 AND groupname like '%".$keyword."%'";
    $Orders = "ORDER BY stime DESC";
}else{
    $searchtable = "#@__group_threads";
    // same pattern for the thread search
    $WhereSql = "WHERE closed=0 AND subject like '%".$keyword."%'";
    $Orders = "ORDER BY lastpost DESC";
}
// ... (code omitted in the original advisory)
```

The $keyword variable is not handled properly: it is concatenated directly into the LIKE clause of the query, which creates an SQL injection vulnerability.

The DedeCMS 2007 vendor has released a patch: http://www.dedecms.com/
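For comparison, a hardened form of the same search logic, written for this page as an added example; it is not DedeCMS code and not the vendor's patch. The `search_groups()` function, the `dede_` table prefix, the use of PDO with an in-memory SQLite database, and the sample rows are all assumptions made for illustration.

```php
<?php
// Added example, not DedeCMS code. Table and column names follow the excerpt;
// the "dede_" prefix, search_groups() and the sample rows are assumptions.

function search_groups(PDO $db, string $sad, string $keyword): array
{
    // Fixed allow-list: $sad only selects one of two predefined layouts,
    // so no request data ever becomes an identifier in the SQL text.
    $targets = [
        'g' => ['dede_groups', 'ishidden', 'groupname', 'stime'],
        't' => ['dede_group_threads', 'closed', 'subject', 'lastpost'],
    ];
    [$table, $flag, $column, $order] = $targets[$sad] ?? $targets['t'];

    // Escape LIKE metacharacters so % and _ in the keyword match literally.
    // '!' is used as the escape character because it needs no quoting
    // differences between MySQL and SQLite.
    $pattern = '%' . strtr($keyword, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';

    // The keyword travels as a bound parameter, never as SQL text.
    $stmt = $db->prepare(
        "SELECT $column FROM $table WHERE $flag = 0 " .
        "AND $column LIKE :kw ESCAPE '!' ORDER BY $order DESC"
    );
    $stmt->execute([':kw' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE dede_groups (groupname TEXT, ishidden INT, stime INT)");
$db->exec("CREATE TABLE dede_group_threads (subject TEXT, closed INT, lastpost INT)");
$db->exec("INSERT INTO dede_groups VALUES
    ('O''Brien fans', 0, 2), ('hidden group', 1, 1), ('100% php', 0, 3)");
$db->exec("INSERT INTO dede_group_threads VALUES ('welcome thread', 0, 1)");

// A keyword containing a quote is handled as data by the bound parameter.
print_r(search_groups($db, 'g', "O'Brien"));
// A keyword containing % is matched as a literal character.
print_r(search_groups($db, 'g', '%'));
// An unrecognised $sad value falls back to the thread search.
print_r(search_groups($db, 'x', 'welcome'));
```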

No Exp or PoC is currently available.