Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in index.php in PHP Inventory 1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a users details action, and allow remote attackers to execute arbitrary SQL commands via the (2) user (username) and (3) pass (password) parameters. NOTE: some of these details are obtained from third party information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP Inventory SQL注入漏洞
Vulnerability Description
PHP Inventory是免费的,开源,基于Web的库存跟踪解决方案。 PHP Inventory的index.php中存在多个SQL注入漏洞。远程认证用户可以借助用户信息操作中的user_id参数,执行任意的SQL指令。远程攻击者可以还借助用户名和密码参数,执行任意的SQL指令。
CVSS Information
N/A
Vulnerability Type
N/A