Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
The Quest Kace K1000 Appliance is vulnerable to multiple Blind SQL Injections.
Vulnerability Description
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. An authenticated remote attacker could leverage Blind SQL injections to obtain sensitive data.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Quest Software Kace K1000 Appliance SQL注入漏洞
Vulnerability Description
Quest Software Kace K1000 Appliance是美国Quest Software公司的一款系统管理设备。该产品主要用于软件许可证管理、补丁和端点安全管理、软件分发和服务器监控等功能。 Quest Kace K1000 Appliance 9.0.270之前版本中存在SQL注入漏洞。该漏洞源于基于数据库的应用缺少对外部输入SQL语句的验证。攻击者可利用该漏洞执行非法SQL命令。
CVSS Information
N/A
Vulnerability Type
N/A