Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
SQL injection vulnerability in mod/poll/comment.php in the vote module in Danneo CMS 0.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the comtext parameter, in conjunction with crafted comname and comtitle parameters, in a poll action to index.php, related to incorrect input sanitization in base/danneo.function.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Danneo CMS 'mod/poll/comment.php' SQL注入漏洞
Vulnerability Description
Danneo CMS 0.5.2及之前版本的投票模块中的mod/poll/comment.php存在SQL注入漏洞。远程攻击者可以借助投票操作中发送到index.php的comtext参数,执行任意的SQL指令。该comtext参数与特制的comname和comtitle参数相关联,该漏洞与base/danneo.function.php中的不正确的输入净化有关。
CVSS Information
N/A
Vulnerability Type
N/A