在Simple Machines Forum (SMF)的Member Awards component 1.0.2的Sources/Profile.php中awardsMembers function 存在的SQL注入漏洞,允许远程攻击者通过profile action中的id参数到达index.php.
在Simple Machines Forum (SMF)的Member Awards component 1.0.2的Sources/Profile.php中awardsMembers function 存在的SQL注入漏洞,允许远程攻击者通过profile action中的id参数到达index.php.