Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in ajaxchat/getHistoryChatData.php file that is accessible by a registered user. As a result, a malicious user can extract sensitive data such as usernames and passwords and in some cases use this vulnerability in order to get a remote code execution on the remote web server.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Xbtit SQL注入漏洞
Vulnerability Description
Xbtit是一个开源的跟踪器软件。 Xbtit 3.1 存在SQL注入漏洞,该漏洞源于ajaxchat/getHistoryChatData.php 文件中的 sid 参数缺少对于SQL语句的过滤转义。攻击者可以发送特殊请求利用该漏洞获取用户名和密码等敏感数据,某些情况下可以在远程 Web 服务器上执行远程代码。
CVSS Information
N/A
Vulnerability Type
N/A