Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AUVESY Versiondog
Vulnerability Description
The scheduler service running on a specific TCP port enables the user to start and stop jobs. There is no sanitation of the supplied JOB ID provided to the function. An attacker may send a malicious payload that can enable the user to execute another SQL expression by sending a specific string.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
AUVESY Versiondog SQL注入漏洞
Vulnerability Description
AUVESY Versiondog是德国AUVESY公司的一款自动化生产数据和变更管理软件解决方案。 AUVESY Versiondog 存在SQL注入漏洞,该漏洞源于在特定 TCP 端口上运行的调度程序服务使用户能够启动和停止作业。 提供给函数的作业 ID 没有进行清理。 攻击者可能会发送恶意负载,使用户能够通过发送特定字符串来执行另一个 SQL 表达式。
CVSS Information
N/A
Vulnerability Type
N/A