Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in SubscriberStart.asp in Active Newsletter 4.3 allow remote attackers to execute arbitrary SQL commands via (1) the email parameter (aka username or E-mail field), or (2) the password parameter (aka password field), to (a) Subscriber.asp or (b) start.asp. NOTE: some of these details are obtained from third party information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ActiveWebSoftwares Active Newsletter 脚本SubscriberStart.asp 多个SQL注入漏洞
Vulnerability Description
Active NewsletterActive是ActiveWebSoftwares基于ASP开发的新闻和邮件列表管理程序。 Newsletter 4.3版本的SubscriberStart.asp中存在多个SQL注入漏洞。远程攻击者可以借助(1)email参数(又称用户名或E-mail字段),或(2)对(a) Subscriber.asp或(b)start.asp的密码参数(又称密码字段),执行任意SQL指令。
CVSS Information
N/A
Vulnerability Type
N/A