Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in KerviNet Forum 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) an enter_parol cookie to index.php in an auto action or (2) the topic parameter to message.php. NOTE: vector 2 can be leveraged for a cross-site scripting (XSS) attack.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
KerviNet kervinet_forum 'index.php,message.php' SQL注入漏洞
Vulnerability Description
KerviNet Forum 1.1以及之前版本中的多个SQL注入漏洞允许远程攻击者借助 (1)自动操作中到index.php的enter_parol cookie (2)到message.php的主题参数来执行任意的SQL命令。 注意:第二种方法可以被跨站脚本攻击杠杆化。
CVSS Information
N/A
Vulnerability Type
N/A