漏洞描述
【漏洞对象】Finecms 【漏洞描述】 该系统Template.php文件 num变量过滤不严格导致SQL注入漏洞。
Template.php num变量-SQL注入
PoC代码
暂无相关漏洞推荐
- phpMyFAQ /api/setup/backup 信息泄露漏洞(CVE-2025-69200)
- PHP 安全漏洞
- POC CVE-2019-10647: ZZZCMS ZZZPHP 1.6.3 – Remote PHP Code Execution (RCE)
- POC CVE-2023-38875: PHP Login System 2.0.1 - Cross-Site Scripting
- POC CVE-2024-47308: Templately <= 3.1.2 - Broken Access Control
- POC functions-php-disclosure: functions.php Full Path Disclosure
- 同享人力资源管理系统 /Service/DownloadTemplate.asmx 文件读取漏洞
- POC CVE-2025-51991: XWiki <= 17.3.0 - Server-Side Template Injection (SSTI)
- POC CVE-2025-44136: MapTiler Tileserver-php v2.0 - Unauthenticated XSS
- POC CVE-2025-44137: MapTiler Tileserver-php v2.0 - Unauthenticated File Read
- POC generic-php-files: Generic PHP Backup Information Disclosure
- 智邦国际ERP /SYSN/json/pcclient/GetPrintTemplate.ashx SQL 注入漏洞
- 用友NC /portal/pt/infopathimport/importExcelTemplate pageId 文件上传漏洞