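Vulnerability Title
N/A
Vulnerability Description
In Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier, an incomplete blacklist vulnerability allows remote authenticated administrators to bypass SQL injection protection mechanisms by using commas, quote characters, pound sign (#) characters, "UNION" and "SELECT", which the product does not filter; the product checks only for "insert", "delete", "update" and "replace".
CVSS Information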
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Vulnerability Category
N/A
Vulnerability Title
N/A
Vulnerability Description
Incomplete blacklist vulnerability in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to bypass SQL injection protection mechanisms by using commas, quote characters, pound sign (#) characters, "UNION," and "SELECT," which are not filtered by the product, which only checks for "insert," "delete," "update," and "replace."
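CVSS Information
N/A
Vulnerability Category
N/A
Vulnerability Title
Kailash Nadh boastMachine "UNION" and "SELECT" Parameter SQL Injection Vulnerability
Vulnerability Description
Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier contains an incomplete blacklist vulnerability. Remote authenticated administrators can bypass the SQL injection protection mechanism by using commas, quote characters, pound sign (#) characters, "UNION" and "SELECT", which the product does not filter. The product checks only for "insert", "delete", "update" and "replace".
CVSS Information
N/A
Vulnerability Category
SQL injection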