Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in Open Business Management (OBM) 2.4.0-rc13 and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sel_domain_id or (2) action parameter to obm.php; (3) tf_user parameter in a search action to group/group_index.php; (4) tf_delegation, (5) tf_ip, (6) tf_name to host/host_index.php; or (7) lang, (8) theme, (9) cal_alert, (10) cal_first_hour, (11) cal_interval, (12) cal_last_hour, (13) commentorder, (14) csv_sep, (15) date, (16) date_upd, (17) debug_exe, (18) debug_id, (19) debug_param, (20) debug_sess, (21) debug_solr, (22) debug_sql, (23) dsrc, (24) menu, (25) rows, (26) sel_display_days, (27) timeformat, (28) timezone, or (29) todo parameter to settings/settings_index.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Open Business Management SQL注入漏洞
Vulnerability Description
Open Business Management (OBM) 2.4.0-rc13和早期版本中存在多个SQL注入漏洞。远程认证用户可利用这些漏洞通过(1)sel_domain_id或(2)action参数传送到obm.php脚本(3)查找操作中的tf_user参数传送到group/group_index.php脚本(4)tf_delegation(5)tf_ip(6)tf_name传送到host/host_index.php脚本或(7)lang(8)theme(9)cal_alert(10)cal_fir
CVSS Information
N/A
Vulnerability Type
N/A