漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
elaniin CMS 1.0 - Authentication Bypass
Vulnerability Description
Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard by manipulating the login page with SQL injection. Attackers can bypass authentication by sending crafted email and password parameters with '=''or' payload to login.php, granting unauthorized access to the system.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Elaniin CMS SQL注入漏洞
Vulnerability Description
Elaniin CMS是Elaniin开源的一个用PHP+MySQL创建的开源内容管理系统。 Elaniin CMS 1.0版本存在SQL注入漏洞,该漏洞源于登录页面存在SQL注入,可能导致身份验证绕过。
CVSS Information
N/A
Vulnerability Type
N/A