Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
eDirectory All Versions SQL Injection Authentication Bypass
Vulnerability Description
eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into parameters. Attackers can exploit the key parameter in the login endpoint with union-based SQL injection to authenticate as administrator, then leverage authenticated file disclosure vulnerabilities in language_file.php to read arbitrary PHP files from the server.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
eDirectory SQL注入漏洞
Vulnerability Description
eDirectory是eDirectory公司的一个在线目录网站。 eDirectory存在SQL注入漏洞,该漏洞源于多个SQL注入漏洞,可能导致未经验证攻击者绕过管理员身份验证并泄露敏感文件。
CVSS Information
N/A
Vulnerability Type
N/A