Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Simplessus Cookie Time sql injection
Vulnerability Description
A vulnerability was found in Simplessus 3.7.7. It has been declared as critical. This vulnerability affects unknown code of the component Cookie Handler. The manipulation of the argument UWA_SID leads to sql injection (Time). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.8.3 is able to address this issue. It is recommended to upgrade the affected component.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Simplessus SQL注入漏洞
Vulnerability Description
Simplessus是德国Simplessus公司的一个用于管理客户关系的现代软件。 Simplessus 3.7.7版本存在SQL注入漏洞。攻击者利用该漏洞通过 UWA_SID 参数进行sql注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A