Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 and possibly earlier allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the macAddress element in a (1) getUploadPath or (2) getKBot SOAP request to service/kbot_service.php; the ID parameter to (3) userui/advisory_detail.php or (4) userui/ticket.php; and the (5) ORDER[] parameter to userui/ticket_list.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Dell KACE K1000 SQL注入漏洞
Vulnerability Description
Dell KACE K1000是美国戴尔(Dell)公司的KACE系统管理系列中的一套IT设备管理解决方案。该方案提供软件分发、配置管理、补丁安装、安全漏洞补救等功能。 Dell KACE K1000 5.4.76847及之前的版本中存在SQL注入漏洞,该漏洞源于(1)service/kbot_service.php脚本没有正确过滤getUploadPath和getKBot SOAP请求中的‘macAddres’元素;(2)userui/advisory_detail.php和userui/ticket.
CVSS Information
N/A
Vulnerability Type
N/A