Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ServerZilla 1.0 SQL Injection via email Parameter
Vulnerability Description
ServerZilla 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to reset.php with malicious email values containing SQL operators to bypass authentication and extract sensitive database information.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
ServerZilla SQL注入漏洞
Vulnerability Description
ServerZilla是ajithkp9895个人开发者的一个FTP文件传输工具。 ServerZilla 1.0版本存在SQL注入漏洞,该漏洞源于reset.php中的email参数存在SQL注入问题,可能导致未经验证的攻击者绕过身份验证或提取敏感数据库信息。
CVSS Information
N/A
Vulnerability Type
N/A