Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in TLM CMS 3.2 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php in a lirenews action, (2) the idnews parameter to goodies.php in a lire action, (3) the id parameter to file.php in a voir action, (4) the ID parameter to affichage.php, (5) the id_sal parameter to mod_forum/afficher.php, or (6) the id_sujet parameter to mod_forum/messages.php. NOTE: it was later reported that goodies.php and affichage.php scripts are reachable through index.php, and 1.1 is also affected. NOTE: it was later reported that the goodies.php vector also affects 3.1.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TLM CMS 多个SQL注入漏洞
Vulnerability Description
TLM CMS中存在多个SQL注入漏洞,远程攻击者可以借助(1)一个lirenews操作中的news.php的id参数,(2)一个lire操作中goodies.php的idnews参数,(3)一个voir操作中file.php的id参数,(4)affichage.php中的id参数,(5)mod_forum/afficher.php中的id_sal参数,或者(6)mod_forum/messages.php中的id_sujet参数执行任意SQL指令。
CVSS Information
N/A
Vulnerability Type
N/A