Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
LabCollector 5.423 SQL Injection via login.php
Vulnerability Description
LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the user_name parameter of retrieve_password.php to extract sensitive database information without authentication.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
LabCollector SQL注入漏洞
Vulnerability Description
LabCollector是LabCollector公司的一个多合一的实验室管理平台。 LabCollector 5.423版本存在SQL注入漏洞,该漏洞源于POST参数存在多个SQL注入,可能导致未经验证的攻击者执行任意SQL命令。
CVSS Information
N/A
Vulnerability Type
N/A