漏洞描述
【漏洞对象】SiteServer 【涉及版本】Siteserver 3.6.4 【漏洞描述】 Siteserver3.6.4版本/usercenter/platform/user.aspx文件中UserNameCollection参数存在sql注入漏洞。
SiteServer 3.6.4 user.aspx页面UserNameCollection参数-SQL注入
PoC代码
暂无相关漏洞推荐
- Cal.com /api/auth/session 权限绕过漏洞(CVE-2026-23478)
- Apache Struts XWork组件 XML外部实体注入漏洞(CVE-2025-68493)
- ERG2 1350W 路由器默认口令漏洞
- 微力同步 /rest/f/api/resources/f96956469e7be39d 文件读取漏洞
- WordPress Yoco Payments plugin /wp-json/yoco/logs 目录遍历漏洞(CVE-2025-13801)
- Frappe /files 目录遍历漏洞(CVE-2025-68953)
- POC CVE-2024-29138: WordPress Restrict User Access <= 2.5 - Cross-Site Scripting
- POC CVE-2006-3392: Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure
- POC CVE-2011-3600: Apache OFBiz - XML External Entity Injection
- POC CVE-2015-8350: WordPress Calls to Action <=2.4.3 - Authenticated Reflected XSS
- POC CVE-2016-15043: WP Mobile Detector <= 3.5 - Unrestricted File Upload
- POC CVE-2017-11107: phpLDAPadmin <= 1.2.3 - Reflected XSS
- POC CVE-2019-11253: Kubernetes API Server - YAML Parsing DoS (Billion Laughs)