w4nder issues

Repositories
Issues
Comments

Results 1 issues of


                                            w4nder

Bug Report: There is a front-end boolean-based sql injection vulnerability

Hi, I found a front-end sql injection vulnerability in cszcms-1.2.9 The vulnerable code is on `cszcms\controllers\Member.php#viewUser` The `$this->uri->segment(3)` parameter here can be controlled by the user ![image](https://user-images.githubusercontent.com/65856396/149486766-4872a527-7387-451b-86f2-6113fb41a3cd.png) And no filtering...