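Vulnerability Title
Sensitive Information Disclosure Abusing SQL Injection in the Xibo CMS Name Filter
Vulnerability Description
Sensitive information disclosure by exploiting SQL injection in the Xibo CMS nameFilter
CVSS Information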
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Category
Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)
Vulnerability Title
Sensitive Information Disclosure abusing SQL Injection in Xibo CMS nameFilter
Vulnerability Description
Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.5 in the `nameFilter` function used throughout the CMS. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values for logical operators. Users should upgrade to version 3.3.5 which fixes this issue. There are no known workarounds aside from upgrading.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
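Vulnerability Category
Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)
Vulnerability Title
Xibo SQL Injection Vulnerability
Vulnerability Description
Xibo is an open-source content management system from Xibo Digital Signage. Xibo versions from 3.2.0 up to, but not including, 3.3.5 contain a security vulnerability that stems from an SQL injection flaw.
CVSS Information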
N/A
Vulnerability Category
SQL Injection