Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for remote attackers to conduct SQL injection attacks via crafted keyword sequences that are removed from a filter in the id parameter in a banner action, as demonstrated via the "UNIunionON" string, which is collapsed into "UNION" by the filter_sql function.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Pc4Arb Pc4Uploader 'code.php' SQL注入漏洞
Vulnerability Description
PC4Arb Pc4 Uploader 9.0版本及其早期版本的code.php使远程攻击者易于借助特制的关键词序列,且该序列从一个banner操作中的id参数的一个过滤器中移除,执行SQL注入攻击,例如借助 "UNIunionON"字符串,且该字符串可以被filter_sql函数分解为"UNION"。
CVSS Information
N/A
Vulnerability Type
N/A