Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Jettweb PHP Hazir Haber Sitesi Scripti V3 Authentication Bypass
Vulnerability Description
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated attackers to gain administrative access by submitting crafted SQL syntax. Attackers can bypass authentication by submitting equals signs and 'or' operators as username and password parameters to access the administration panel without valid credentials.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Jettweb PHP Hazir Haber Sitesi Scripti SQL注入漏洞
Vulnerability Description
Jettweb PHP Hazir Haber Sitesi Scripti是土耳其Jettweb公司的一个内容管理系统。 Jettweb PHP Hazir Haber Sitesi Scripti V3版本存在SQL注入漏洞,该漏洞源于login.php管理面板存在身份验证绕过,可能导致未经身份验证的攻击者通过提交特制SQL语法获得管理员访问权限。
CVSS Information
N/A
Vulnerability Type
N/A