漏洞在web/source/mc/card.ctrl.php,修复方法(代码在201行左右)
搜索
if (false === pdo_update('mc_card_members', $status, array('uniacid' => $_W['uniacid'], 'id' => $_GPC['cardid']))) {
修改为
$_GPC['cardid'] = intval($_GPC['cardid']); if (false === pdo_update('mc_card_members', $status, array('uniacid' => $_W['uniacid'], 'id' => $_GPC['cardid']))) {