漏洞标题
N/A
漏洞描述信息
在Dominios Europa PICRATE(aka TAL RateMyPic)1.0中存在多个SQL注入漏洞,这些漏洞允许远程攻击者通过(1)id、(2) voteid和(3)vfiel参数向(a)index.php执行任意SQL命令,以及通过(4)nick、(5)email、(6)city、(7)messen和(8)message form field参数向(b)add.php执行。请注意:此信息的来源未知;详细信息是从第三方信息获得的。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Multiple SQL injection vulnerabilities in Dominios Europa PICRATE (aka TAL RateMyPic) 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) voteid, and (3) vfiel parameters to (a) index.php, and via the (4) nick, (5) email, (6) city, (7) messen, and (8) message form field parameters to (b) add.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Dominios Europa PICRATE 多个SQL注入漏洞
漏洞描述信息
Dominios Europa PICRATE (TAL RateMyPic) 1.0存在多个SQL注入漏洞,远程攻击者可通过传给(a)index.php的(1)id,(2)voteid和(3)vfiel参数,和通过传给(b)add.php的(4)nick,(5)email,(6)city,(7)messen和(8)message表单字段参数来执行任意SQL命令。
CVSS信息
N/A
漏洞类别
SQL注入