Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Incomplete blacklist vulnerability in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to bypass SQL injection protection mechanisms by using commas, quote characters, pound sign (#) characters, "UNION," and "SELECT," which are not filtered by the product, which only checks for "insert," "delete," "update," and "replace."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Kailash Nadh boastMachine 'UNION"和"SELECT'参数SQL注入漏洞
Vulnerability Description
Kailash Nadh boastMachine (以前的bMachine)3.1及之前版本存在不完整黑名单漏洞。远程认证管理员可以通过使用未经产品过滤的逗号、引号字符、井号(#)字符、"UNION"和"SELECT",绕过SQL注入防护机制。产品仅检查"插入"、"删除"、"更新"和"替换"。
CVSS Information
N/A
Vulnerability Type
N/A