Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_section_id, (4) firstRow, (5) titleRow, (6) firstColumn, (7) highestColumn, (8) sku_iblock_id, or (9) xls_iblock_section_id_new parameter to admin/mcart_xls_import_step_2.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Bitrix mcart.xls模块SQL注入漏洞
Vulnerability Description
Bitrix是美国Bitrix公司的一套社交协作、沟通和管理工具。mcart.xls是其中的一个模块。 Bitrix mcart.xls模块6.5.2及之前的版本中存在SQL注入漏洞。远程攻击者可借助多种方法利用该漏洞执行任意的SQL命令(多种方法包括:向admin/mcart_xls_import.php文件中发送‘xls_profile’参数,或向admin/mcart_xls_import_step_2.php文件发送(1)‘xls_iblock_id’、(2)‘xls_iblock_section
CVSS Information
N/A
Vulnerability Type
N/A