漏洞描述
WMCMS开源小说系统最新版V4.245.499版本前台sql注入,可能造成数据泄漏,甚至服务器被入侵。
WMCMS V4.245.499前台order参数-SQL注入
PoC代码
暂无相关漏洞推荐
- POC (CVE-2025-15004)DedeCMS至5.7.118版本freelist_main.php文件orderby参数SQL注入漏洞
- (CVE-2025-52472) XWiki REST搜索URL HQL注入漏洞(orderField参数)
- wuzhicms-v410-sqli: WuzhiCMS V410 sqli
- SEMCMS /index.php SQL 注入漏洞(CVE-2023-48864)
- POC CVE-2018-7653: YzmCMS v3.6 - Cross-Site Scripting
- POC CVE-2020-29597: IncomCMS 2.0 - Arbitrary File Upload
- POC CVE-2022-23898: MCMS 5.2.5 - SQL Injection
- POC CVE-2022-25125: MCMS 5.2.4 - SQL Injection
- POC CVE-2022-26585: Mingsoft MCMS v5.2.7 - SQL Injection
- POC CVE-2022-33119: NUUO NVRsolo Video Recorder 03.06.02 - Cross-Site Scripting
- POC CVE-2022-4375: Mingsoft MCMS - SQL Injection
- POC CVE-2023-29922: PowerJob V4.3.1 - Authentication Bypass
- POC CVE-2023-3990: Mingsoft MCMS < 5.3.1 - Cross-Site Scripting