Xoops CMS SQL Injection Vulnerability Reported
KeyCoder has discovered a vulnerability in the MyAds module for Xoops, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the "lid" parameter in annonces-pf.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerability has been confirmed in version 2.04jp. Other versions may also be affected.
Solution:
Edit the source code to ensure that "lid" parameter input is sanitised.
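One way to apply that fix, shown as an added example that is not code from MyAds or Xoops: validate "lid" against a strict allow-list before it reaches the database, and bind it as a typed parameter instead of concatenating it into the query. It assumes "lid" is a numeric listing id and PHP 7.1+ with PDO SQLite; the table `ads_listings`, its columns, and the helper names are hypothetical.

```php
<?php
// Added example: table, columns and function names are hypothetical,
// and the assumption that "lid" is a numeric id is not stated on the page.

/** Return "lid" as a positive int, or null unless it is a plain decimal string. */
function parse_lid($raw): ?int
{
    // Rejects arrays (?lid[]=1), signs, whitespace, hex, and trailing text.
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    $lid = (int) $raw;
    return $lid > 0 ? $lid : null;
}

/** Look up one listing; the id is bound as an integer, never interpolated. */
function fetch_listing(PDO $db, $rawLid): ?array
{
    $lid = parse_lid($rawLid);
    if ($lid === null) {
        return null; // invalid input never reaches the SQL layer
    }
    $stmt = $db->prepare('SELECT lid, title FROM ads_listings WHERE lid = :lid');
    $stmt->bindValue(':lid', $lid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ads_listings (lid INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO ads_listings VALUES (1, 'Bicycle'), (2, 'Desk')");

// Constructed inputs: one valid id, then values the validator must refuse.
foreach (['2', '2 OR 1=1', '-1', '', ['2']] as $input) {
    $row = fetch_listing($db, $input);
    echo json_encode($input), ' => ', $row ? $row['title'] : 'no listing', PHP_EOL;
}
```

Validation and parameter binding are independent controls here: the bound parameter keeps the query structure fixed even if the validator is later loosened.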
Read about the exploit here.



































