Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, when magic_quotes_gpc is disabled, allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) mail, (2) password, and (3) letra parameters to index.php; (4) y and (5) m parameters to sobre.php; and the (6) dcTema, (7) madsTema, (8) zthesTema, (9) skosTema, and (10) xtmTema parameters to xml.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
R020 TemaTres SQL注入漏洞
Vulnerability Description
TemaTres是一个用来管理文档语言的Web应用程序,善于使用分层主题词表和目录词汇。 TemaTres 1.0.3版本和1.031版本中存在多个SQL注入漏洞,当magic_quotes_gpc被中止时,远程攻击者或远程认证用户可以借助(1)邮件(2)密码(3)对index.php的letra参数(4)y和(5)对sobre.php的m参数以及(6)dcTema,(7)madsTema,(8)zthesTema,(9)skosTema,和(10)对xml.php的xtmTema参数,执行任意SQL指令
CVSS Information
N/A
Vulnerability Type
N/A