Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the idurlo field in the delete_urlo function in (a) index.php in the urlobox module; the iden field in the (2) update_file and (3) del_file functions in (b) index.php in the reviews module; the (4) idnews field in the delete_news function and the (5) idcomm field in the del_comment function in (c) index.php in the news module; the (6) idcomm field in the delete_comments function in (d) index.php in the gallery module; the iden field in the (7) edit_file, (8) update_file, and (9) del_file functions in index.php in the gallery module; the (10) ide and (11) cat fields in the slide_update function in index.php in the gallery module; the iden field in the (12) update_file and (13) del_file functions in (d) index.php in the downloads module; and other unspecified vectors.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MKPortal 多个SQL注入漏洞
Vulnerability Description
MKPortal 1.1.1版本中存在多个SQL注入漏洞。远程攻击者可以借助(1)(a)urlobox模块中的index.php的delete_urlo函数的idurlo字段; (2)update_file和(3)(b)reviews模块中的index.php的del_file函数中的iden字段; (4)delete_news函数的idnews字段和(5)(c)news模块中的index.php的del_comment函数的idcomm字段; (6)(d)gallery模块中的index.php的del
CVSS Information
N/A
Vulnerability Type
N/A