Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) budget.php, (4) zahlung.php, or (5) adresse.php in modules/, related to classes/class.perform.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
collector.ch myGesuad SQL注入和跨站脚本攻击漏洞
Vulnerability Description
myGesuad是一款基金会管理网站的构建工具。 myGesuad 0.9.14版本(又称0.9版本)中存在多个SQL注入漏洞。远程攻击者可以借助(1)对common/login.php的formUser参数(又称名参数),执行任意SQL指令。远程认证用户可以借助对(2)kategorie.php,(3)budget.php,(4)zahlung.php,或(5)modules/中的与classes/class.perform.php相关的adresse.php的一个细节操作中的id参数,执行任意SQL指
CVSS Information
N/A
Vulnerability Type
N/A