Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedos_base.js mishandles req.body validation, as demonstrated by MongoDB operator attacks such as an X-User-Id[$ne]=1 value.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Steedos Steedos-platform SQL injection vulnerability
Vulnerability Description
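Steedos Steedos-platform is a JavaScript-based site-building system from the Chinese organization Steedos that creates websites in a declarative way. Steedos Platform 1.21.24 and earlier versions contain an SQL injection vulnerability. The vulnerability stems from allowing NoSQL injection, because /api/collection/findone in server/packages/steedos_base.js mishandles req.body validation, as shown by MongoDB operator attacks such as an X-User-Id[$ne]=1 value.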
CVSS Information
N/A
Vulnerability Type
N/A
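The descriptions above attribute the flaw to unvalidated req.body values reaching a MongoDB query. The following is an added example, not Steedos code, that shows why an operator object in an identity field changes what the filter matches and how a type check rejects it. The in-memory matcher, the sample users, and all function names are assumptions made for illustration; only the X-User-Id field name and the $ne operator come from the record.

```javascript
// Constructed sample data standing in for a users collection.
const USERS = [{ _id: 'u1', name: 'alice' }, { _id: 'u2', name: 'bob' }];

// Minimal stand-in for MongoDB matching (hypothetical): equality and $ne only,
// enough to show how an operator object changes the meaning of a filter.
function matches(doc, filter) {
  return Object.entries(filter).every(([field, cond]) => {
    if (cond !== null && typeof cond === 'object') {
      return '$ne' in cond ? doc[field] !== cond.$ne : false;
    }
    return doc[field] === cond;
  });
}
const findOne = (filter) => USERS.find((d) => matches(d, filter)) || null;

// Before: the request value is placed in the filter without validation.
function lookupUnchecked(body) {
  return findOne({ _id: body['X-User-Id'] });
}

// True if any key at any depth starts with '$' (a query operator).
function hasOperatorKey(value) {
  if (value === null || typeof value !== 'object') return false;
  return Object.entries(value).some(
    ([k, v]) => k.startsWith('$') || hasOperatorKey(v));
}

// After: reject operator keys anywhere in the body, and require the
// identity field to be a plain non-empty string before querying.
function lookupChecked(body) {
  if (hasOperatorKey(body)) {
    throw new TypeError('operator keys are not allowed in the request body');
  }
  const id = body['X-User-Id'];
  if (typeof id !== 'string' || id === '') {
    throw new TypeError('X-User-Id must be a non-empty string');
  }
  return findOne({ _id: id });
}

// Constructed input: the object a bracket-notation body parser yields
// for the X-User-Id[$ne]=1 value named in the record.
const operatorBody = { 'X-User-Id': { $ne: '1' } };
```

With the unchecked lookup the operator body matches the first user whose _id differs from '1'; the checked lookup throws before any query is built.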