Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial Edition allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter in a saved_search action and (2) item_types parameter in a show_item_search action in the search_management_manage subcontroller. NOTE: some of these details are obtained from third party information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OneOrZero AIMS index.php多个SQL注入漏洞
Vulnerability Description
OneOrZero AIMS 2.6.0 Members Edition和2.7.0 Trial Edition版本的index.php中存在多个SQL注入漏洞。远程认证用户可借助search_management_manage子控制器的saved_search操作中的id参数和show_item_search操作中的item_types参数执行任意SQL命令。
CVSS Information
N/A
Vulnerability Type
N/A