漏洞描述
【漏洞对象】eLearningServer远程教育系统 【漏洞描述】 news.php文件nid参数sql注入,可能造成数据泄露,甚至服务器被入侵。
eLearningServer远程教育系统news.php-SQL注入
PoC代码
暂无相关漏洞推荐
- POC 用友时空KSOA downnewsatt.jsp 存在任意文件读取漏洞
- ecology-ifnewscheckoutbycurrentuser-dwr-sqli: 泛微 E-Cology ifnewscheckoutbycurrentuser.dwr SQL 注入
- 索贝融媒体 /news-adapter/rest/s/doc/queryBySQL SQL 注入漏洞
- 方正畅享全媒体新闻采编系统 /newsedit/newsplan/task/binary.do SQL 注入漏洞
- POC CVE-2010-1219: Joomla! Component com_janews - Local File Inclusion
- POC CVE-2023-39676: PrestaShop fieldpopupnewsletter Module - Cross Site Scripting
- POC news-script-xss: News Script Pro 2.4 - Cross-Site Scripting
- POC newsletter-open-redirect: WordPress Newsletter Manager < 1.5 - Unauthenticated Open Redirect
- POC weekender-newspaper-open-redirect: WordPress Weekender Newspaper 9.0 - Open Redirect
- POC wp-knews-xss: WordPress Knews Multilingual Newsletters 1.1.0 - Cross-Site Scripting
- POC founder-newsedit-detect: 方正全媒体采编系统
- POC founder-newsedit-syslogin-detect: 方正全媒体采编系统管理后台
- 方正全媒体采编系统 /newsedit/newsedit/userSearch/getUser.do 权限绕过漏洞