Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
EasyPMS 1.0.0 - Authentication Bypass
Vulnerability Description
EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes in ID parameters and modify admin user passwords without proper token authentication.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
EasyPMS 安全漏洞
Vulnerability Description
EasyPMS是美国EasyPMS公司的一个酒店管理系统。 EasyPMS 1.0.0版本存在安全漏洞,该漏洞源于JSON请求中的SQL查询存在输入验证不足,可能导致身份验证绕过。
CVSS Information
N/A
Vulnerability Type
N/A