Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to wiki/list_pages.php and the (2) highlight parameter to search/index.php. NOTE: the researcher also reported injection via JavaScript code in the Search box, but this is probably a forced SQL error or other separate primary issue.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Bitweaver 2.0.0 and Prior 多个输入验证漏洞
Vulnerability Description
Bitweaver中存在多个SQL注入漏洞,远程攻击者可以借助(1)wiki/list_pages.php中的分类模式参数以及(2)search/index.php的强调参数执行任意SQL指令。
CVSS Information
N/A
Vulnerability Type
N/A