VULHUB ™

forum_zoom.php 31~48行 if ($forumid != &quot;&quot;){ $isforum = &quot; &amp;&amp; forumid IN (&quot;.$forumid.&quot;) &quot;; }else{ $isforum = &quot;&quot;; } //forumid明显没有过滤 …… $sql = &quot;Select threadid, title, lastpost FROM &quot;.$ym_thread_tab.&quot; Where isshow=&quot;1&quot; &quot;.$isforum.&quot; orDER BY &quot;.$isaction.&quot; LIMIT 0, &quot;.$shownum; 发生了注射 ymcms3.1.0 <a href="http://www.ymcms.com/" target="_blank">http://www.ymcms.com/</a>

forum_zoom.php 31~48行 if ($forumid != &quot;&quot;){ $isforum = &quot; &amp;&amp; forumid IN (&quot;.$forumid.&quot;) &quot;; }else{ $isforum = &quot;&quot;; } //forumid明显没有过滤 …… $sql = &quot;Select threadid, title, lastpost FROM &quot;.$ym_thread_tab.&quot; Where isshow=&quot;1&quot; &quot;.$isforum.&quot; orDER BY &quot;.$isaction.&quot; LIMIT 0, &quot;.$shownum; 发生了注射 ymcms3.1.0 <a href="http://www.ymcms.com/" target="_blank">http://www.ymcms.com/</a>