漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
SQL Injection in USOC
Vulnerability Description
USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct a sql statement. Users are advised to upgrade as soon as possible. There are not workarounds for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Usoc SQL注入漏洞
Vulnerability Description
Usoc是瑞士Aaron Junker个人开发者的一个有用的简单开源 Cms。 USOC存在安全漏洞,该漏洞源于USOC在register.php中针对SQL语句缺少有效的过滤和转义。特别是,用户提供的用户名、电子邮件地址和密码没有被清除,而是直接用于构造sql语句。
CVSS Information
N/A
Vulnerability Type
N/A