Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
elearning-script 1.0 - Authentication Bypass
Vulnerability Description
E Learning Script 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard without valid credentials by manipulating login parameters. Attackers can exploit the /login.php file by sending a specific payload '=''or' to bypass authentication and gain unauthorized access to the system.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
elearning-script SQL注入漏洞
Vulnerability Description
elearning-script是Amit Kollol Dey个人开发者的一个电子学习博客。 elearning-script 1.0版本存在SQL注入漏洞,该漏洞源于对文件/login.php中登录参数的错误操作,可能导致身份验证绕过。
CVSS Information
N/A
Vulnerability Type
N/A