Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
SQL injection vulnerability in system/core/profile/profile.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote authenticated users to execute arbitrary SQL commands via a url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif" followed by a double-encoded NULL and ' (apostrophe) (%2500%2527).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Neocrome Land Down Under 'Profile.Inc.PHP' SQL注入漏洞
Vulnerability Description
Neocrome Land Down Under (LDU)中的system/core/profile/profile.inc.php存在SQL注入漏洞,远程认证用户可以通过一个传给users.php的以有效文件名开始的url编码id参数来执行任意SQL命令,如通过在"default.gif"之后跟随一个双编码NULL和' (单引号)(%2500%2527)。
CVSS Information
N/A
Vulnerability Type
N/A