There is SQL blind injection at "Management article"

[win1498419293]

1.The location of the vulnerability is line 59 in taocms\include\Model\Cms.php, and the incoming sql statement in the update() method does not use intval to process id The location of the vulnerability is line 59 in taocms\include\Model\Cms.php, and the incoming sql statement in the update() method does not use intval to process id

2.Log in to the background as the default account admin. 3.You can see action=cms&ctrl=update&id=26, this id is the id in the update method in the Cms.php file 3.Test using the SQLMap tool