漏洞标题
keerti1924 在线图书商店网站 search.php SQL注入攻击
漏洞描述信息
在keerti1924 Online-Book-Store-Website 1.0中发现了一个漏洞。它已宣布为关键性漏洞。受到此漏洞影响的是文件/search.php的未知功能。操纵参数search会导致SQL注入。攻击可以远程发起。利用程序已被公开披露,并可能被使用。与该漏洞关联的标识符是VDB-256039。注意:关于这次披露,我们很早就联系了供应商,但他们没有任何回应。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
漏洞标题
keerti1924 Online-Book-Store-Website search.php sql injection
漏洞描述信息
A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation of the argument search leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256039. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
漏洞类别
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
漏洞标题
Online-Book-Store-Website SQL注入漏洞
漏洞描述信息
Online-Book-Store-Website是一个在线书店网站。 Online-Book-Store-Website 1.0 版本存在SQL注入漏洞,该漏洞源于 /search.php 文件的 search 参数存在 SQL 注入漏洞。
CVSS信息
N/A
漏洞类别
SQL注入