漏洞标题
Cisco Common Services Platform Collector SQL Injection 漏洞
漏洞描述信息
Cisco Common Services Platform Collector SQL注入漏洞
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
漏洞类别
N/A
漏洞标题
Cisco Common Services Platform Collector SQL Injection Vulnerability
漏洞描述信息
A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded files. An attacker could exploit this vulnerability by uploading a file containing a SQL query to the configuration dashboard. A successful exploit could allow the attacker to read restricted information from the CSPC SQL database.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
漏洞类别
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
漏洞标题
Cisco Common Services Platform Collector SQL注入漏洞
漏洞描述信息
Cisco Common Services Platform Collector(CSPC)是美国思科(Cisco)公司的一款通用服务平台数据收集器。该产品通过轮询思科设备的基本库存和配置数据分析网络性能,并识别风险和漏洞。 Cisco Common Services Platform Collector (CSPC) 存在SQL注入漏洞,该漏洞源于 configuration dashboard 中存在一个漏洞,该漏洞可能允许经过身份验证的远程攻击者通过 CSPC 配置仪表板提交 SQL 查询。此漏洞是
CVSS信息
N/A
漏洞类别
SQL注入