Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in ConnectWise Automate before 2021.5. A blind SQL injection vulnerability exists in core agent inventory communication that can enable an attacker to extract database information or administrative credentials from an instance via crafted monitor status responses.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Connectwise ConnectWise Automate SQL注入漏洞
Vulnerability Description
Connectwise ConnectWise Automate是美国ConnectWise(Connectwise)公司的一套基于云的本地IT自动化解决方案。该产品支持内容管理、文件共享、IT资产跟踪和管理等功能。 ConnectWise Automate 2021.5 之前的版本存在SQL注入漏洞,攻击者可利用该漏洞通过精工细作的监视器状态响应从实例中提取数据库信息或管理凭证。
CVSS Information
N/A
Vulnerability Type
N/A