CVE-2022-28585: EmpireCMS v7.5 has sql injection vulnerability · Issue #5 · leadscloud/EmpireCMS
EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php
****Brief of this vulnerability****
EmpireCMS v7.5 has a SQL injection vulnerability in the function that adds an advertisement category.
****Test Environment****
- Windows 10
- PHP 5.5.9 + Apache/2.4.39
****Affected version****
EmpireCMS 7.5
****Vulnerable Code****
`e\admin\tool\AdClass.php`, line 30

The variable `$add` passed in to the `AddAdClass` function is inserted into the SQL statement without any filtering, resulting in a SQL injection vulnerability.
****Vulnerability display****
1. First, log in to the admin backend.
2. Click as shown to go to the ad management module.
3. Click to add, and capture the request packet.
4. Modify the parameters.

payload: `add%5Bclassname%5D=2bob' or updatexml(1,concat(0x7e,version()),0) or '`

The database version number is successfully obtained.
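
The flaw described under Vulnerable Code (request data inserted into a SQL statement without filtering) is shown here next to a parameter-bound version. This is an added example, not EmpireCMS source: the `adclass` table, both function names and the length limit are hypothetical, and PDO with in-memory SQLite stands in for the CMS's MySQL layer so the script runs offline.

```php
<?php
// Added illustration: table, column and function names are hypothetical,
// and SQLite stands in for MySQL so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE adclass (classid INTEGER PRIMARY KEY, classname TEXT)');

// Flawed pattern: the request value is concatenated into the statement,
// so a quote in it ends the string literal and the rest is parsed as SQL.
function addAdClassConcat(PDO $db, array $add)
{
    $db->exec("INSERT INTO adclass (classname) VALUES ('" . $add['classname'] . "')");
}

// Hardened pattern: validate the field, then bind it as a parameter so the
// driver always treats it as data. The 100-character limit is an assumption.
function addAdClassBound(PDO $db, array $add)
{
    $name = isset($add['classname']) && is_string($add['classname'])
        ? trim($add['classname']) : '';
    if ($name === '' || strlen($name) > 100) {
        throw new InvalidArgumentException('classname must be 1-100 characters');
    }
    $stmt = $db->prepare('INSERT INTO adclass (classname) VALUES (:classname)');
    $stmt->execute([':classname' => $name]);
}

// Constructed input: the parameter value from the report, URL-decoded.
$add = ['classname' => "2bob' or updatexml(1,concat(0x7e,version()),0) or '"];

try {
    addAdClassConcat($db, $add);
    echo "concat: statement executed\n";
} catch (PDOException $e) {
    // SQLite has no updatexml(); the error shows the input was parsed as an
    // SQL expression instead of being stored as a string.
    echo "concat: input reached the SQL parser: ", $e->getMessage(), "\n";
}

addAdClassBound($db, $add);
$stored = $db->query('SELECT classname FROM adclass')->fetchColumn();
echo "bound: stored verbatim as data: ", var_export($stored === $add['classname'], true), "\n";
```

With binding, the same value ends up as an ordinary row in the table, so the category name is stored exactly as submitted and never evaluated.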