Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending the improper variable type Array allows a bypass of core SQL Injection sanitization. Users are able to inject malicious statements in multiple functions. This vulnerability leads to full authentication bypass: any unauthorized user with access to the application is able to exploit this vulnerability. This can occur via the Cookie header to the default URI, within includes/authenticate.inc.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Observium Professional Enterprise Community SQL注入漏洞
Vulnerability Description
Observium是英国observium的一个免费的服务器监控平台。该平台由PHP编写的基于自动发现 SNMP 的网络监控平台,支持非常广泛的网络硬件和操作系统,包括 Cisco、Windows、Linux、HP、NetApp 等等。 Observium Professional, Enterprise & Community 20.8.10631版本中存在SQL注入漏洞,该漏洞允许攻击者注入恶意SQL语句,发送不正确的变量类型Array可以绕过核心SQL注入。
CVSS Information
N/A
Vulnerability Type
N/A