There is SQL blind injection at "Management Link"

[bkfish]

analysis

The location of the vulnerability is line 33 in taocms\include\Model\Article.php, and the incoming sql statement in the update() method does not use intval to process id,and Link.php extends Article

poc

edit link then edit id as 2)and+sleep(5)--+