Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in phpCommunity 2 2.1.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter in a forum action to index.php, (2) the topic_id parameter in a forum action to index.php, (3) the wert parameter in an id search action to index.php, (4) the wert parameter in a nick search action to index.php, or (5) the wert parameter in a forum search action to index.php, related to class_forum.php and class_search.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
phpCommunity 多个SQL注入漏洞
Vulnerability Description
phpCommunityCalendar是一款基于WEB的PHP编写的协同工作程序。 phpCommunity存在多个SQL注入漏洞。当magic_quotes_gpc被禁止时,远程攻击者可以借助多个参数执行任意的SQL命令。这些参数包含:(1)脚本index.php的forum功能的forum_id参数,(2)脚本index.php的forum功能的topic_id参数,(3)脚本index.php的id search功能的id参数,(4)脚本index.php的nick search功能的wert参数
CVSS Information
N/A
Vulnerability Type
N/A