Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user, database name, and database version information, and potentially database data.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Nokia Broadcast Message Center SQL注入漏洞
Vulnerability Description
Nokia Broadcast Message Center是芬兰诺基亚(Nokia)公司的一个广播消息中心管理警报。可同时将来自政府和公共安全机构的紧急警报和消息传送给指定地理区域内的多个移动用户。 Nokia Broadcast Message Center 11.1.0及其之前版本存在SQL注入漏洞,该漏洞源于/owui/block/send-receive-updates缺少过滤和转义。攻击者通过 extIdentifier HTTP POST 参数利用该漏洞获取数据库用户、数据库名称和数据库版本
CVSS Information
N/A
Vulnerability Type
N/A