POC详情: baeb04e78f2e25d6932c67e0163126f9a81e1158

来源
https://github.com/padayali-JD/CVE-2025-22964
关联漏洞
标题: DDSN Interactive cm3 Acora CMS 安全漏洞 (CVE-2025-22964)
描述:DDSN Interactive cm3 Acora CMS是DDSN Interactive公司的一个企业网络和移动 CMS。 DDSN Interactive cm3 Acora CMS 10.1.1版本存在安全漏洞,该漏洞源于存在SQL注入漏洞,允许攻击者通过table参数执行任意代码。
介绍
# CVE-2025-22964: Time-based blind SQL injection in DDSN Interactive cm3 Acora CMS version 10.1.1

DDSN Interactive cm3 Acora CMS version 10.1.1 has a time-based blind SQL Injection vulnerability caused by insufficient input sanitization and validation in the "table" parameter. This flaw allows attackers to inject malicious SQL queries by directly incorporating user-supplied input into database queries without proper escaping or validation. Exploiting this issue enables unauthorized access, manipulation of data, or exposure of sensitive information, posing significant risks to the integrity and confidentiality of the application.

Affected version: Acora CMS v10.1.1 and possibly other versions

Discovered by Joby Y Daniel, December-2024.
文件快照

 [4.0K]  /data/pocs/baeb04e78f2e25d6932c67e0163126f9a81e1158
└── [ 748]  README.md

0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。