Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
barronwaffles dwc_network_server_emulator gs_database.py update_profile sql injection
Vulnerability Description
A vulnerability was found in barronwaffles dwc_network_server_emulator. It has been declared as critical. This vulnerability affects the function update_profile of the file gamespy/gs_database.py. The manipulation of the argument firstname/lastname leads to sql injection. The attack can be initiated remotely. The name of the patch is f70eb21394f75019886fbc2fb536de36161ba422. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216772.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
dwc_network_server_emulator SQL注入漏洞
Vulnerability Description
dwc_network_server_emulator是barronwaffles个人开发者的一个任天堂 DS 和 Wii 在线多人服务器模拟器。 dwc_network_server_emulator存在SQL注入漏洞,该漏洞源于文件gamespy/gs_database.py的函数update_profile存在问题,对参数firstname/lastname的操作会导致sql注入。
CVSS Information
N/A
Vulnerability Type
N/A