漏洞标题
N/A
漏洞描述信息
OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) 版本v3.6-2 和更早版本在已识别的脆弱性参数中包含一个SQL注入漏洞:id、id_access_type 和 id_attr_access,可能导致恶意攻击者包含自己的SQL命令,数据库将执行。此攻击似乎可以通过网络连接进行利用。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) version v3.6-2 and earlier versions contains a SQL Injection vulnerability in Identified vulnerable parameters: id, id_access_type and id_attr_access that can result in a malicious attacker can include own SQL commands which database will execute. This attack appears to be exploitable via network connectivity.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
OPT/NET BV OPTOSS Next Gen Network Management System SQL注入漏洞
漏洞描述信息
OPT/NET BV OPTOSS Next Gen Network Management System(NG-NetMS)是一套下一代网络管理系统。该系统提供基于Web的端到端管理功能。 OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) 3.6-2及之前版本中‘id’、‘id_access_type’和‘id_attr_access’参数存在SQL注入漏洞。远程攻击者可利用该漏洞执行SQL命令。
CVSS信息
N/A
漏洞类别
SQL注入