Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection
Vulnerability Description
GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information using error-based or time-based injection techniques.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
GUnet OpenEclass SQL注入漏洞
Vulnerability Description
GUnet OpenEclass是希腊GUnet公司的一个学习管理系统。 GUnet OpenEclass 1.7.3版本存在SQL注入漏洞,该漏洞源于议程模块等端点存在多个SQL注入点,可能导致经过身份验证的攻击者操纵数据库查询。
CVSS Information
N/A
Vulnerability Type
N/A