漏洞描述
【漏洞对象】CmsEasy 【漏洞描述】该系统客服聊天模块celive的/celive/live/目录下header.php,index.php,mainbox.php,send.php文件存在SQL注入漏洞。
CmsEasy header.php-SQL注入
PoC代码
暂无相关漏洞推荐
- CmsEasy 7.7.7 代码注入漏洞(CVE-2025-15148)
- POC x-backend-server-header-detect: X-Backend-Server Header - Exposure
- POC cmseasy-crossall-act-php-sql-injection: CmsEasy crossall_act.php SQL注入漏洞
- POC file-disable-server-header: Disable Apache2 Server Header
- POC header-command-injection: Header - Remote Command Injection
- POC directory-listing-no-host-header: Directory Listing - No Host header
- POC cmseasy-crossall-sqli: CmsEasy crossall_act - SQL Injection
- CmsEasy 路径遍历漏洞
- CmsEasy index remotelogin 接口存在登录绕过
- GNU Tar from_header越界读取漏洞
- 通达OA /retrieve_pwd/header.inc.php 路径存在登录绕过漏洞
- Log4j-header/path 远程命令执行
- CmsEasy前台crossall-execsql注入漏洞