Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1 allow remote attackers to execute arbitrary SQL commands via (1) the sys_comment_id parameter in editcommentenduser.asp, (2) the sys_suspend_id parameter in editsuspensionuser.asp, (3) the table parameter in export_data.asp, (4) the sys_analgroup parameter in manageanalgrouppreference.asp, (5) the sys_asset_id parameter in quickinfoassetrequests.asp, (6) the sys_eusername parameter in quickinfoenduserrequests.asp, and the sys_request_id parameter in (7) requestauditlog.asp, (8) requestcommentsenduser.asp, (9) selectrequestapplytemplate.asp, and (10) selectrequestlink.asp, resulting in an ability to create a new HelpBox user account and read, modify, or delete data from the backend database.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Layton Technology HelpBox多个SQL注入漏洞
Vulnerability Description
Layton HelpBox 3.0.1版本存在多个SQL注入漏洞。远程攻击者可以借助以下参数执行任意SQL命令:(1)editcommentenduser.asp中的sys_comment_id参数,(2)editsuspensionuser.asp中的sys_suspend_id参数,(3)export_data.asp中的table参数,(4)manageanalgrouppreference.asp中的sys_analgroup参数,(5)quickinfoassetrequests.asp中的s
CVSS Information
N/A
Vulnerability Type
N/A