Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
EdTv 2 SQL Injection via id Parameter
Vulnerability Description
EdTv 2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the admin/edit_source endpoint with crafted SQL UNION statements to extract database information including schema names, user credentials, and version details.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
EdTv 代码问题漏洞
Vulnerability Description
EdTv是EdTv公司的一个在线视频发布平台。 EdTv 2版本存在代码问题漏洞,该漏洞源于admin/edit_source中的id参数存在SQL注入,可能导致执行任意SQL查询并提取数据库信息。
CVSS Information
N/A
Vulnerability Type
N/A