Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
多款K2产品SQL注入漏洞
Vulnerability Description
K2 blackpearl、smartforms和K2 for SharePoint都是美国K2公司的产品。blackpearl是一套用于构建和运行业务流程的应用程序。smartforms是一款在线业务系统推送消息产品。K2 for SharePoint是一套用于在SharePoint 2013或Office上创建表单和工作流程的应用程序。 多款K2产品的Runtime/Runtime/AjaxCall.ashx文件中存在SQL注入漏洞。远程攻击者可借助‘xml’参数利用该漏洞执行任意SQL命令。以下产品
CVSS Information
N/A
Vulnerability Type
N/A