Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 Patched might allow remote attackers to execute arbitrary SQL commands via (1) the ref parameter in download.php, (2) the direction, msg, sforum, reason, subname, and toform parameters in forum.php, (3) the msg and forum parameters in forum_edit.php, (4) the msg and forum parameters in forum_write.php, (5) the tekst parameter in guestbook.php, (6) the menuoption parameter in index.php, and the (7) sel_avatar parameter in myaccount.php. NOTE: the forum.php/forum vector is already identified by CVE-2005-3585.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
phpWebThings Patched SQL注入漏洞
Vulnerability Description
phpWebThings 1.4 Patched中存在多个"潜在"SQL注入漏洞, 远程攻击者可能可以通过 (1)download.php中的ref参数,(2)forum.php中的direction、msg、sforum、reason、subname和toform参数,(3)forum_edit.php中的msg和forum参数,(4)forum_write.php中的msg和forum参数,(5) guestbook.php中的tekst参数,(6)index.php中的menuoption参数和(7
CVSS Information
N/A
Vulnerability Type
N/A