Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
The Sungard eTRAKiT3 software version 3.2.1.17 may be vulnerable to SQL injection which may allow a remote unauthenticated attacker to run a subset of SQL commands against the back-end database
Vulnerability Description
The valueAsString parameter inside the JSON payload contained by the ucLogin_txtLoginId_ClientStat POST parameter of the Sungard eTRAKiT3 software version 3.2.1.17 is not properly validated. An unauthenticated remote attacker may be able to modify the POST request and insert a SQL query which may then be executed by the backend server. eTRAKiT 3.2.1.17 was tested, but other versions may also be vulnerable.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
SunGard Public Sector eTRAKiT3 SQL注入漏洞
Vulnerability Description
SunGard Public Sector eTRAKiT3是美国SunGard Public Sector公司的一套土地管理软件。该软件通过自动化许可、管理检查土地使用和跟踪项目以及提供状态更新的可见性并支持处理付款等功能。 SunGard Public Sector eTRAKiT3 3.2.1.1版本中存在SQL注入漏洞,该漏洞源于程序没有正确的验证‘valueAsString’参数。远程攻击者可利用该漏洞修改POST请求并插入SQL查询。
CVSS Information
N/A
Vulnerability Type
N/A