Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Synology SafeAccess SQL注入漏洞
Vulnerability Description
群晖科技 Synology SafeAccess是中国群晖科技公司的一款可对网络环境进行安全配置的设备。该设备可以监督用户的 Internet 行为、设置 Internet 计划和时间配额,还可以应用网页过滤器来保护特定用户,以及通过封锁危险网站来保护本地网络中的所有设备。 Synology SafeAccess 1.2.3-0234之前版本存在SQL注入漏洞,该漏洞源于request.cgi存在SQL注入漏洞,允许远程攻击者可利用该漏洞通过域参数执行任意SQL命令。
CVSS Information
N/A
Vulnerability Type
N/A