漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
漏洞
N/A
漏洞信息
Re:Desk 2.3 contains a blind unauthenticated SQL injection vulnerability in the getBaseCriteria() function in the protected/models/Ticket.php file. By modifying the folder GET parameter, it is possible to execute arbitrary SQL statements via a crafted URL. Unauthenticated remote command execution is possible by using this SQL injection to update certain database values, which are then executed by a bizRule eval() function in the yii/framework/web/auth/CAuthManager.php file. Resultant authorization bypass is also possible, by recovering or modifying password hashes and password reset tokens, allowing for administrative privileges to be obtained.
漏洞信息
N/A
漏洞
N/A
漏洞
Desk SQL注入漏洞
漏洞信息
Desk是个人开发者的一款写作,博客和记笔记应用。 Desk 2.3版本存在SQL注入漏洞,该漏洞源于protected/models/Ticket.php文件的getBaseCriteria()函数中存在一个盲的未经认证的SQL注入漏洞。
漏洞信息
N/A
漏洞
N/A