CNNVD-202601-702 Information
CNNVD ID
CNNVD-202601-702
Related CVE
- CNNVD Published: 2026-01-02
Description (Chinese)
daptin是Daptin开源的一个内容管理系统。 daptin 0.10.3版本存在SQL注入漏洞,该漏洞源于对组件Aggregate API中文件server/resource/resource_aggregate.go内参数column/group/order的错误操作,可能导致SQL注入攻击。
Description (English)
daptin is an open-source content management system for Daptin. daptin version 0.103 has an injection loophole in SQL, which is the result of a misapplication of the parameter column/group/order in documentserver/resource/resource aggregate.go in component Aggregate API, which could lead to an attack on SQL injection.
Hazard Level
High
Vulnerability Type
SQL注入
Affected Vendor
Daptin
Published
2026-01-02
Last Modified
2026-02-24
References
https://note-hxlab.wetolink.com/share/yMZ8oEgMTAur https://note-hxlab.wetolink.com/share/yMZ8oEgMTAur#-span–strong-proof-of-concept—strong—span- https://vuldb.com/?ctiid.339384 https://vuldb.com/?id.339384 https://vuldb.com/?submit.719742 https://access.redhat.com/security/cve/cve-2025-15439
Share on: