Submit #782969: AutohomeCorp frostmourne <= 1.0 SQL Injection

Title: AutohomeCorp frostmourne <= 1.0 SQL Injection
Description: Frostmourne Monitor contains a MySQL dynamic SQL injection vulnerability in the alarm preview/query flow. The metricContract.queryString value is treated as trusted SQL and is directly concatenated into backend queries without parameterization or whitelist validation. An authenticated attacker who can access the alarm preview functionality can first enumerate an available MySQL data name and then supply arbitrary SQL expressions that are executed by the server against the corresponding MySQL data source.
Source: ⚠️ https://fx4tqqfvdw4.feishu.cn/docx/M0u0dPZmZosY9Ax6OsScJ3Blnxf?from=from_copylink
User: xcxr (UID 86629)
Submission: 19/03/2026 13:15 (29 days ago)
Moderation: 04/04/2026 16:09 (16 days later)
Status: Accepted
VulDB entry: 355333 [AutohomeCorp frostmourne up to 1.0 Alarm Preview previewData httpTest SQL injection]
Points: 20
