An issue exists in XiaoCms 20141229. It allows admin/index.php?c=database table[] SQL injection. This can be used for PHP code execution via "INTO OUTFILE" with a .php filename.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xiaocms xiaocms 20141229 |