Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL commands via the (1) tid parameter in the (a) todo/view (aka TODO List View), (b) todo/modify (aka TODO List Modify), or (c) todo/delete functionality; the (2) pid parameter in the (d) workflow/view or (e) workflow/print functionality; the (3) uid parameter in the (f) schedule/user_view, (g) phonemessage/add, (h) phonemessage/history, or (i) schedule/view functionality; the (4) cid parameter in (j) todo/index; the (5) iid parameter in the (k) memo/view or (l) memo/print functionality; or the (6) event parameter in the (m) schedule/view functionality.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cybozu Garoon 多个SQL注入漏洞
Vulnerability Description
Windows操作系统下Cybozu Garoon 2.1.0软件存在多个SQL注入漏洞,远程认证用户可借助以下参数来执行任意SQL指令:(1) (a) todo/查看(也称TODO列表查看),(b) todo/修改 (也称TODO列表修改),或 (c) todo/删除功能中的tid参数;(2) (d) 工作流程/查看或 (e) 工作流程/打印功能中的pid参数;(3) (f) 进度/用户_查看,(g) /增加,(h) 手机短信/历史,或 (i) 进度/查看功能中的uid参数;(4) (j) todo/索
CVSS Information
N/A
Vulnerability Type
N/A