Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SQL Injection via search in USOC
Vulnerability Description
USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. In search terms provided by the user were not sanitized and were used directly to construct a sql statement. The only users permitted to search are site admins. Users are advised to upgrade as soon as possible. There are not workarounds for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Usoc SQL注入漏洞
Vulnerability Description
Usoc是瑞士Aaron Junker个人开发者的一个有用的简单开源 Cms。 USOC 存在SQL注入漏洞,该漏洞源于软件中usersearch.php中对于用户提供的搜索词没有进行转义,而是直接用于构造sql语句。
CVSS Information
N/A
Vulnerability Type
N/A