Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Maxboard SQL injection and LFI vulnerability
Vulnerability Description
SQL injection and Local File Inclusion (LFI) vulnerabilities in MaxBoard can cause information leakage and privilege escalation. This vulnerabilities can be exploited by manipulating a variable with a desired value and inserting and arbitrary file.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Max Yi MaxBoard SQL注入漏洞
Vulnerability Description
Max Yi MaxBoard是韩国Max Yi公司的一个 CMS(内容管理系统) 或 Web 框架。有助于使网站创建和站点管理更容易,并且可以轻松方便地用于构建应用程序的后端。 Max Yi MaxBoard 1.9.3.3 之前的版本存在SQL注入漏洞,该漏洞源于可以通过使用所需值操作变量并插入任意文件,导致信息泄漏和权限提升。
CVSS Information
N/A
Vulnerability Type
N/A