AI Score
Confidence
High
EPSS
Percentile
46.1%
SQL injection in the getip function in conn/function.php in 发货100-设计素材下载系统 1.1 allows remote attackers to inject arbitrary SQL commands via the X-Forwarded-For header to admin/product_add.php.
github.com/XD-519/Doc/blob/main/sql%20injection.md