Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 < rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user session cookies. An attacker who gets an admin user session cookie can use the session cookie to execute arbitrary code on the server.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Montala ResourceSpace SQL注入漏洞
Vulnerability Description
Montala ResourceSpace是英国Montala公司的一种开源数字资产管理工具。使用户能够组织他们的数字资产。 ResourceSpace 9.5 和 9.6 rev 18274版本存在SQL注入漏洞,攻击者可以获取ResourceSpace数据库的全部内容,包括用户会话cookie。
CVSS Information
N/A
Vulnerability Type
N/A