
History: Nov 13, 2012 - 12:00 a.m.

DedeCMS: two new injection vulnerabilities and how to repair them - vulnerability warning - the black bar safety net


DedeCms (the Woven Dream content management system) is known for being simple, practical and open source. It is the best-known domestic open-source PHP website management system and the PHP CMS with the most users. Having gone through two years of development, the current version has advanced considerably in both functionality and ease of use. The free version of DedeCms mainly targets individual webmasters, and its functionality focuses on building personal websites or small portals, although there is no shortage of enterprise users and schools using the system. DedeCms is built on a PHP+MySQL architecture; it is completely open source and has a strong, stable technical architecture, so whether you are building a small website now or want the site to keep growing later, the system can still be extended freely.

DedeCMS latest injection

It works on the same principle as the vulnerability in the June dede patch.


    require(dirname(__FILE__).'/…/…/ include/');
    require_once(DEDEINC."/");


    require_once(dirname(__FILE__).'/ guestbook/');
    // …

    // Every value is interpolated directly into the SQL string.
    $query = "INSERT INTO #@__guestbook(title,tid,mid,uname,email,homepage,qq,face,msg,ip,dtime,ischeck) VALUES ('$title','$tid','{$g_mid}','$uname','$email','$homepage','$qq','$img','$msg','$ip','$dtime','$needCheck'); ";
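For comparison with the concatenated INSERT above, the same twelve-column insert written with bound parameters. This is an added example, not DedeCMS code and not the repair described by the original article; it assumes PDO with an in-memory SQLite database, a stand-in table name `dede_guestbook` for `#@__guestbook`, a hypothetical helper `save_guestbook_entry()`, and constructed input values.

```php
<?php
// Added example, not DedeCMS code. Assumptions: PDO with in-memory SQLite and
// the table name dede_guestbook stand in for the CMS's DB layer and
// #@__guestbook; save_guestbook_entry() is a hypothetical helper.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE dede_guestbook (title TEXT, tid INTEGER, mid INTEGER,
    uname TEXT, email TEXT, homepage TEXT, qq TEXT, face TEXT, msg TEXT,
    ip TEXT, dtime INTEGER, ischeck INTEGER)');

function save_guestbook_entry(PDO $pdo, array $in, int $mid, string $ip, int $needCheck): void
{
    // Every column is a bound placeholder, so no request value becomes SQL text.
    $stmt = $pdo->prepare(
        'INSERT INTO dede_guestbook
            (title,tid,mid,uname,email,homepage,qq,face,msg,ip,dtime,ischeck)
         VALUES (:title,:tid,:mid,:uname,:email,:homepage,:qq,:face,:msg,:ip,:dtime,:ischeck)'
    );
    $stmt->execute([
        ':title'    => (string)($in['title'] ?? ''),
        ':tid'      => (int)($in['tid'] ?? 0),      // numeric fields are cast
        ':mid'      => $mid,                        // supplied by the caller, not read from $in
        ':uname'    => (string)($in['uname'] ?? ''),
        ':email'    => (string)($in['email'] ?? ''),
        ':homepage' => (string)($in['homepage'] ?? ''),
        ':qq'       => (string)($in['qq'] ?? ''),
        ':face'     => (string)($in['img'] ?? ''),
        ':msg'      => (string)($in['msg'] ?? ''),
        ':ip'       => $ip,
        ':dtime'    => time(),
        ':ischeck'  => $needCheck,
    ]);
}

// Constructed form input: the apostrophes would end the quoted literal early
// in the concatenated query; bound, they are stored as plain data.
$form = ['title' => "O'Brien's question", 'tid' => '0', 'uname' => 'guest',
         'msg' => "It's a test"];
save_guestbook_entry($pdo, $form, 0, '192.0.2.10', 1);

$row = $pdo->query('SELECT title, msg, ischeck FROM dede_guestbook')->fetch(PDO::FETCH_ASSOC);
print_r($row);
```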
