Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A SQL Injection vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language (SQL) queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An attacker could exploit this vulnerability by sending a crafted SQL statement to an affected system. Successful exploitation could allow the attacker to read entries in some database tables. Cisco Bug IDs: CSCvg30333.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Cisco Prime Service Catalog SQL注入漏洞
Vulnerability Description
Cisco Prime Service Catalog(PSC)是美国思科公司(Cisco)的一套通过单一的门户网站提供所有IT服务的服务目录解决方案。该方案支持自动化订购计算、网络、存储和其他数据中心资源的统一服务目录。 Cisco PSC中的Web框架存在SQL注入漏洞,该漏洞源于程序没有验证用户提交的输入。远程攻击者可通过向受影响的系统发送特制的SQL语句利用该漏洞读取数据表中的条目。
CVSS Information
N/A
Vulnerability Type
N/A