Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Square 9 GlobalForms 6.2.x. A Time Based SQL injection vulnerability in the "match" parameter allows remote authenticated attackers to execute arbitrary SQL commands. It is possible to upgrade access to full server compromise via xp_cmdshell. In some cases, the authentication requirement for the attack can be met by sending the default admin credentials.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Square 9 GlobalForms SQL注入漏洞
Vulnerability Description
Square 9 GlobalForms是美国Square 9 Softworks公司的一套Web表单管理软件。该软件能够收集Web表单数据并根据关键字自动填充数据。 Square 9 GlobalForms 6.2.x版本中的‘match’参数存在SQL注入漏洞。远程攻击者可利用该漏洞执行任意SQL命令。
CVSS Information
N/A
Vulnerability Type
N/A