漏洞描述
PowerPMS系统的GetCreateTableScript功能存在SQL注入漏洞,攻击者可通过构造恶意输入绕过身份验证,直接操纵数据库查询语句,可能导致用户敏感信息泄露(如用户名、密码哈希值)、未授权账户接管或数据库内容篡改,需紧急修补参数化查询或输入过滤机制。
PowerPMS File.ashx存在SQL注入漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2024-6220: WordPress Keydatas ≤ 2.5.2 - Arbitrary File Upload
- POC CVE-2025-47445: WordPress Eventin (Themewinter) ≤ 4.0.26 - Arbitrary File Download
- POC bitrix-log-file-disclosure: Bitrix Site Manager - Log File Disclosure
- POC buildpath-file-disclosure: .buildpath - File Disclosure
- POC eslint-ignore-exposure: Eslint Ignore File Exposure
- 友加畅捷管理系统 RepFile.ashx 存在任意文件上传漏洞
- 全程云 /OA/api/2.0/Common/AttachFile/UploadEditorFile 文件上传漏洞
- 华天动力OA getFileListWithIdList存在SQL注入漏洞
- POC CVE-2020-11732: Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion
- POC CVE-2021-4449: ZoomSounds Plugin - Unauthenticated Arbitrary File Upload
- POC CVE-2021-4462: Employee Records System 1.0 - Unauthenticated File Upload RCE
- POC CVE-2023-5815: News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Local File Inclusion
- POC CVE-2025-13315: Twonky Server 8.5.2 on Linux and Windows - Log File Exposure