Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Tina4 Stack 1.0.3 SQL Injection and Database File Download
Vulnerability Description
Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access sensitive database files and execute SQL injection attacks. Attackers can directly request the kim.db database file to retrieve user credentials and password hashes, or inject SQL code through the menu endpoint to manipulate database queries.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Tina4 Stack SQL注入漏洞
Vulnerability Description
Tina4 Stack是Tina4公司的一个全站开发框架集合。 Tina4 Stack 1.0.3版本存在SQL注入漏洞,该漏洞源于允许直接访问数据库文件和SQL注入,可能导致未经验证的攻击者获取用户凭据或操纵数据库查询。
CVSS Information
N/A
Vulnerability Type
N/A