Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ResourceSpace 8.6 SQL Injection via collection_edit.php
Vulnerability Description
ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_edit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to extract sensitive database information including schema names, user credentials, and other confidential data.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Montala ResourceSpace 跨站请求伪造漏洞
Vulnerability Description
Montala ResourceSpace是英国Montala公司的一种开源数字资产管理工具。使用户能够组织他们的数字资产。 Montala ResourceSpace 8.6版本存在跨站请求伪造漏洞,该漏洞源于对collection_edit.php中keywords参数的输入验证不足,可能导致SQL注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A