Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content and upload custom files. The backend login script does not verify and sanitize user-provided strings.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
GRANDCOM DynWEB SQL注入漏洞
Vulnerability Description
GRANDCOM DynWEB是斯洛伐克GRANDCOM公司的一个内容管理系统的登录管理界面。 GRANDCOM DynWEB 4.2 之前版本存在安全漏洞,该漏洞源于后端登录脚本不会验证和清理用户提供的字符串。未经身份验证的远程攻击者利用该漏洞可以利用此漏洞获得对网页的管理访问权限、访问用户数据库、修改 Web 内容和上传自定义文件。
CVSS Information
N/A
Vulnerability Type
N/A