/web/source/mc/store.ctrl.php (约74行)
if($do ==’delete’) {
pdo_delete(‘activity_stores’,array(‘id’ => $_GPC[‘id’], ‘uniacid’ => $_W[‘uniacid’]));
修改为
pdo_delete(‘activity_stores’,array(‘id’ => intval($_GPC[‘id’]), ‘uniacid’ => $_W[‘uniacid’]));
开心洋葱 , 版权所有丨如未注明 , 均为原创丨未经授权请勿修改 , 转载请注明微擎微赞store.ctrl.php SQL注入漏洞修复!
