| Titre | 广州图创计算机软件开发有限公司 Interlib <=V 2.0.1 SQL injection |
|---|
| Description | Guangzhou Tuchuang Computer Software Development Co., Ltd. is a high-tech enterprise that integrates product research and development, application integration, and customer service. Its main goal is to provide high-quality application software system design, integration, and maintenance services to users in the library industry.
The /interlib/order/BatchOrder module in the Interlib Library Cluster Automation Management System V2.0.1 (referred to as "Interlib V2.0.1") contains a SQL injection vulnerability. Due to the module's failure to properly filter or validate user input SQL statements, attackers can construct malicious SQL statements to execute unauthorized database queries. Unauthenticated attackers can exploit this vulnerability to access sensitive information in the database, such as library configuration information and user data.
PR:H |
|---|
| La source | ⚠️ https://wiki.shikangsi.com/post/share/9dbc9639-ee9d-4328-9ed2-bc1bfbb2e741 |
|---|
| Utilisateur | wiki (UID 72124) |
|---|
| Soumission | 30/10/2024 10:52 (il y a 2 ans) |
|---|
| Modérer | 06/11/2024 21:31 (7 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 283366 [Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System injection SQL] |
|---|
| Points | 20 |
|---|