Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nominas 0.27 SQL Injection via username Parameter
Vulnerability Description
Nominas 0.27 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username parameter. Attackers can send POST requests to the login/checklogin.php endpoint with crafted UNION-based SQL injection payloads to extract database information including usernames, database names, and version details.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Arixolab Nominas 路径遍历漏洞
Vulnerability Description
Arixolab Nominas是西班牙Arixolab公司的一个人力资源薪资挂历系统。 Arixolab Nominas 0.27版本存在路径遍历漏洞,该漏洞源于login/checklogin.php中的username参数存在SQL注入问题,可能导致未经验证的攻击者执行任意SQL查询。
CVSS Information
N/A
Vulnerability Type
N/A