Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. An attacker without authentication is able to execute arbitrary SQL SELECT statements by injecting the HTTP (POST or GET) parameter persoid into /tools/VamPersonPhoto.php. The SQL Injection type is Error-based (this means that relies on error messages thrown by the database server to obtain information about the structure of the database).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Selesta Visual Access Manager SQL注入漏洞
Vulnerability Description
Selesta Visual Access Manager (VAM) 4.15.0版本至4.29版本中存在SQL注入漏洞。攻击者可通过向/tools/VamPersonPhoto.php文件注入‘persoid’参数利用该漏洞执行任意的SQL SELECT语句。
CVSS Information
N/A
Vulnerability Type
N/A