Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows remote attackers to obtain sensitive information via an invalid (1) secondary, (2) PageNum_Results, (3) category, or (4) keywords parameter in (a) Results.cfm; or an invalid (5) ProdID parameter in (b) Details.cfm; which reveal the path in various error messages. NOTE: the behavior for the category, keywords, and ProdID parameters might be resultant from SQL injection.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Application Dynamics Cartweaver ColdFusion SQL注入漏洞
Vulnerability Description
Application Dynamics Cartweaver ColdFusion 2.16.11及早期版本允许远程攻击者借助于(a) Results.cfm中的无效参数(1) secondary、 (2) PageNum_Results、(3) category或(4) keywords,或(b) Details.cfm中的无效参数(5)ProdID获取敏感信息,这些参数在多个错误信息中泄露了路径信息。 注:参数category、keywords和ProdID所导致的结果可能是由SQL注入引起的。
CVSS Information
N/A
Vulnerability Type
N/A