Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Jettweb Hazir Rent A Car Scripti V4 SQL Injection via admin
Vulnerability Description
Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into the 'tur', 'id', and 'ozellikdil' parameters of the admin/index.php endpoint to extract sensitive database information or cause denial of service.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Jettweb Hazir Rent A Car Scripti SQL注入漏洞
Vulnerability Description
Jettweb Hazir Rent A Car Scripti是土耳其Jettweb公司的一个汽车租赁网站系统。 Jettweb Hazir Rent A Car Scripti V4版本存在SQL注入漏洞,该漏洞源于admin/index.php端点的tur、id和ozellikdil参数存在SQL注入,可能导致未经身份验证的攻击者操纵数据库查询、提取敏感信息或导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A