漏洞描述
SiteServer CMS是中国最强大的企业级开源CMS内容管理系统和网站群系统,能够以最低的成本、最少的人力投入在最短的时间内架设一个功能齐全、性能优异、规模庞大的网站。siteserver系统3.6.4版本background_nodeGroup.aspx文件PublishmentSystemID参数sql注入,会导致黑客可以直接执行SQL语句,可能造成数据泄露,甚至服务器被入侵。
siteserver CMS 3.6.4 background_nodeGroup.aspx页面PublishmentSystemID参数-SQL注入
PoC代码
暂无相关漏洞推荐
- ERG2 1350W 路由器默认口令漏洞
- 微力同步 /rest/f/api/resources/f96956469e7be39d 文件读取漏洞
- WordPress Yoco Payments plugin /wp-json/yoco/logs 目录遍历漏洞(CVE-2025-13801)
- Frappe /files 目录遍历漏洞(CVE-2025-68953)
- POC CVE-2006-3392: Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure
- POC CVE-2011-3600: Apache OFBiz - XML External Entity Injection
- POC CVE-2015-8350: WordPress Calls to Action <=2.4.3 - Authenticated Reflected XSS
- POC CVE-2016-15043: WP Mobile Detector <= 3.5 - Unrestricted File Upload
- POC CVE-2017-11107: phpLDAPadmin <= 1.2.3 - Reflected XSS
- POC CVE-2019-11253: Kubernetes API Server - YAML Parsing DoS (Billion Laughs)
- POC CVE-2019-15823: WPS Hide Login <= 1.5.2.2 - Login Page Bypass
- POC CVE-2019-9082: ThinkPHP < 3.2.4 - Remote Code Execution
- POC CVE-2020-12832: WordPress Simple File List - Path Traversal