Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
School ERP Pro 1.0 - 'es_messagesid' SQL Injection
Vulnerability Description
School ERP Pro 1.0 contains a SQL injection vulnerability in the 'es_messagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerable parameter by injecting crafted SQL statements to potentially extract, modify, or delete database information.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Arox School ERP Pro SQL注入漏洞
Vulnerability Description
Arox School ERP Pro是Arox公司的一个一站式自动化管理平台。 School ERP Pro 1.0版本存在SQL注入漏洞,该漏洞源于es_messagesid参数存在SQL注入漏洞,攻击者可通过GET请求注入特制SQL语句,可能导致数据库信息被提取、修改或删除。
CVSS Information
N/A
Vulnerability Type
N/A