Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SQL Injection in USOC
Vulnerability Description
USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct a sql statement. Users are advised to upgrade as soon as possible. There are not workarounds for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Usoc SQL注入漏洞
Vulnerability Description
Usoc是瑞士Aaron Junker个人开发者的一个有用的简单开源 Cms。 USOC存在安全漏洞,该漏洞源于USOC在register.php中针对SQL语句缺少有效的过滤和转义。特别是,用户提供的用户名、电子邮件地址和密码没有被清除,而是直接用于构造sql语句。
CVSS Information
N/A
Vulnerability Type
N/A