漏洞描述
【漏洞对象】帝国CMS(EmpireCMS) 【漏洞描述】 由于对参数的变量未作初始化检测导致 pf\rate.php 和 pf\ratemovie.php中变量 $id 存在注入风险。
EmpireCMS商品评分插件rate.php-SQL注入
PoC代码
暂无相关漏洞推荐
- 泛微 E-Mobile /installOperate.do 服务器端请求伪造漏洞
- Wanhu ezOFFICE /defaultroot/platform/bpm/work_flow/operate/wf_printnum.jsp;.js SQL 注入漏洞(CVE-2024-1012)
- WordPress Verbalize 插件 /wp-admin/admin-ajax.php generate_code 文件上传漏洞(CVE-2024-49668)
- POC CVE-2017-12542: HPE Integrated Lights-out 4 (ILO4) <2.53 - Authentication Bypass
- POC CVE-2018-18775: Microstrategy Web 7 - Cross-Site Scripting
- POC CVE-2018-18777: Microstrategy Web 7 - Local File Inclusion
- POC CVE-2019-18957: MicroStrategy Library <11.1.3 - Cross-Site Scripting
- POC CVE-2020-11450: MicroStrategy Web 10.4 - Information Disclosure
- POC CVE-2023-32117: Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints
- POC CVE-2024-24565: CrateDB Database - Arbitrary File Read
- POC cloudfront-integrated-waf: CloudFront Integrated With WAF
- POC cloudtrail-integrated-cloudwatch: CloudTrail CloudWatch Integration
- POC CVE-2024-24565: CrateDB数据库任意文件读取漏洞