Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Vianeos OctoPUS 5 - 'login_user' SQLi
Vulnerability Description
Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'login_user' parameter during authentication requests. Attackers can exploit this vulnerability by crafting malicious POST requests with specially constructed SQL payloads that trigger database sleep functions to extract information.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Vianeos OctoPUS SQL注入漏洞
Vulnerability Description
Vianeos OctoPUS是法国Vianeos公司的一款视频服务中间件系统。 Vianeos OctoPUS 5版本存在SQL注入漏洞,该漏洞源于login_user参数存在基于时间的盲SQL注入,可能导致信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A