漏洞标题
Anant Labs的google-enterprise-connector-dctm SQL注入
漏洞描述信息
发现Anant Labs的google-enterprise-connector-dctm版本 up to 3.2.3存在一个被分类为关键的漏洞。受此漏洞影响的是一个未知的功能。操纵参数username/domain会导致SQL注入。该补丁的名称为6fba04f18ab7764002a1da308e7cd9712b501cb7。建议应用补丁来修复此问题。与该漏洞关联的标识符是VDB-218911。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
Anant Labs google-enterprise-connector-dctm sql injection
漏洞描述信息
A vulnerability has been found in Anant Labs google-enterprise-connector-dctm up to 3.2.3 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username/domain leads to sql injection. The patch is named 6fba04f18ab7764002a1da308e7cd9712b501cb7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218911.
CVSS信息
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
漏洞类别
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
漏洞标题
google-enterprise-connector-dctm SQL注入漏洞
漏洞描述信息
google-enterprise-connector-dctm是个人开发者的一个Google Search Appliance 连接器。 google-enterprise-connector-dctm 3.2.3 及以下版本存在SQL注入漏洞,攻击者可利用该漏洞操作参数用户名/域会导致 sql 注入。
CVSS信息
N/A
漏洞类别
SQL注入