漏洞描述
【漏洞对象】PHPWEB 【漏洞描述】网博士成品网站管理系统(PHPWEB)的/feedback/post.php文件中groupid参数存在post注入,可造成数据泄露,甚至服务器被入侵。
PHPWEB系统post.php文件groupid参数-SQL注入
PoC代码
暂无相关漏洞推荐
- phpMyFAQ /api/setup/backup 信息泄露漏洞(CVE-2025-69200)
- PHP 安全漏洞
- POC CVE-2019-10647: ZZZCMS ZZZPHP 1.6.3 – Remote PHP Code Execution (RCE)
- POC CVE-2023-38875: PHP Login System 2.0.1 - Cross-Site Scripting
- POC postgresql-cluster-config: PostgreSQL Cluster - Configuration
- POC postrest-api-exposure: PostgREST API Server - Exposure
- POC functions-php-disclosure: functions.php Full Path Disclosure
- POC CVE-2025-44136: MapTiler Tileserver-php v2.0 - Unauthenticated XSS
- POC CVE-2025-44137: MapTiler Tileserver-php v2.0 - Unauthenticated File Read
- POC generic-php-files: Generic PHP Backup Information Disclosure
- PHPGurukul Employee Record Management System 代码注入漏洞
- PHPJABBERS Restaurant Menu Maker Project 代码注入漏洞
- Appsmith postgres 代码执行漏洞(CVE-2024-55963)