Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ord’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Advantech R-SeeNet SQL注入漏洞
Vulnerability Description
Advantech R-SeeNet是中国台湾研华(Advantech)公司的一个工业监控软件。该软件基于 snmp 协议进行监控平台,并且适用于 Linux、Windows 平台。 Advantech R-SeeNet 存在SQL注入漏洞,该漏洞源于 company_list 页面中存在多个可利用的 SQL 注入漏洞。 特制的 HTTP 请求可能导致 SQL 注入。 攻击者可以发出经过身份验证的 HTTP 请求来触发这些漏洞。 但是需要使用高权限的超级管理员账号才能实现不跨站请求伪造攻击的利用。
CVSS Information
N/A
Vulnerability Type
N/A