controllers/member/Api.php in dayrui FineCms 5.2.0 has...
Critical severity
Unreviewed
Published
May 14, 2022
to the GitHub Advisory Database
•
Updated Feb 2, 2023
Description
Published by the National Vulnerability Database
Feb 12, 2018
Published to the GitHub Advisory Database
May 14, 2022
Last updated
Feb 2, 2023
controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering.
References