微擎CMS的wxmicro.ctrl.php 漏洞修復(fù)
2019-12-13
微擎CMS的/web/source/paycenter/wxmicro.ctrl.php中,對$post[member][uid]輸入?yún)?shù)未進(jìn)行嚴(yán)格類型轉(zhuǎn)義,導(dǎo)致SQL注入的發(fā)生。 第29行這個(gè)代碼$user = pdo_get(mc_members, array(uniacid = $_W[uniacid], uid = $post[member][uid]));改成$user = pdo_get(m ...