| タイトル | 广州图创计算机软件开发有限公司 Interlib <=V 2.0.1 SQL injection |
|---|
| 説明 | Guangzhou Tuchuang Computer Software Development Co., Ltd. is a high-tech enterprise that integrates product research and development, application integration, and customer service. Its main goal is to provide high-quality application software system design, integration, and maintenance services to users in the library industry.
The /interlib/order/BatchOrder module in the Interlib Library Cluster Automation Management System V2.0.1 (referred to as "Interlib V2.0.1") contains a SQL injection vulnerability. Due to the module's failure to properly filter or validate user input SQL statements, attackers can construct malicious SQL statements to execute unauthorized database queries. Unauthenticated attackers can exploit this vulnerability to access sensitive information in the database, such as library configuration information and user data.
PR:H |
|---|
| ソース | ⚠️ https://wiki.shikangsi.com/post/share/9dbc9639-ee9d-4328-9ed2-bc1bfbb2e741 |
|---|
| ユーザー | wiki (UID 72124) |
|---|
| 送信 | 2024年10月30日 10:52 (2 年 ago) |
|---|
| モデレーション | 2024年11月06日 21:31 (7 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 283366 [Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System SQLインジェクション] |
|---|
| ポイント | 20 |
|---|