Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is vulnerable.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Katello SQL注入漏洞
Vulnerability Description
Katello是一款系统管理引擎。该产品可提供配置管理、订阅管理和内容管理的工作流。 Katello中存在SQL注入漏洞。该漏洞源于经过身份验证的远程攻击者可以制作输入数据以强制对后端数据库执行格式错误的SQL查询。
CVSS Information
N/A
Vulnerability Type
N/A