Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Rmedia SMS 1.0 SQL Injection via editgrp.php
Vulnerability Description
Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retrieve schema names and sensitive database data.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Rmedia SMS SQL注入漏洞
Vulnerability Description
Rmedia SMS是ananditwiz个人开发者的一个短信网关系统。 Rmedia SMS 1.0版本存在SQL注入漏洞,该漏洞源于editgrp.php中的gid参数存在SQL注入,可能导致提取数据库架构和敏感数据。
CVSS Information
N/A
Vulnerability Type
N/A