Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via one or more of the following vectors: the (1) id parameter to (a) pages/delete_page.php, (b) navigation/delete_menu.php, and (c) navigation/delete_item.php in admin/; the (2) menu_id, (3) name, (3) page_id, and (4) url parameters in (d) admin/navigation/do_new_item.php; the (5) new_menuname parameter in (e) admin/navigation/do_new_nav.php; and (6) area1, name, and url parameters to (f) admin/pages/do_new_page.php. NOTE: some vectors might be reachable through the url and name parameters to (g) admin/navigation/new_nav_item.php. NOTE: the original disclosure does not precisely state which vectors are associated with SQL injection versus XSS.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ripe Website管理器多个SQL注入漏洞
Vulnerability Description
Ripe Website Manager 0.8.9版本及其早期版本中存在多个SQL注入漏洞。远程验证用户可以借助一个或多个一下向量:(1)对(a) pages/delete_page.php, (b) navigation/delete_menu.php, 和 (c) admin/中的navigation/delete_item.php的 id参数; (2) menu_id, (3) name, (3) page_id, 和 (4)(d) admin/navigation/do_new_item.php
CVSS Information
N/A
Vulnerability Type
N/A