phpcms2008漏洞下面是官方到目前为止还没有打补丁的几个漏洞http://www.function __construct($modelid){g
phpcms2008漏洞
下面是官方到目前为止还没有打补丁的几个漏洞
http://www. function __construct($modelid) {global $db;$this->db = &$db;$this->table = DB_PRE.'model_field';echo($modelid);$model = $this->db->get_one("SELECT * FROM ".DB_PRE."model WHERE modelid=$modelid");$this->modelid = $model['modelid'];$this->modelname = $model['name'];$this->fields = cache_read($modelid.'_fields.inc.php', CACHE_MODEL_PATH);$this->tablename = DB_PRE.'c_'.$model['tablename']; }
?
构造方法中调用了select...所以忘了过滤。。。
