Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Microsoft SQL Server Web Task Stored Procedure特权提升漏洞
Vulnerability Description
Microsoft SQL服务器7.0和2000版本,Microsoft Data Engine (MSDE) 1.0版本,和Microsoft Desktop Engine (MSDE) 2000版本中进程中储存的xp_runwebtas可以被PUBLIC执行。攻击者可以通过无强烈许可的msdb.dbo.mswebtasks表格的更新数据库拥有者拥有的webtask提升特权。
CVSS Information
N/A
Vulnerability Type
N/A