Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SQL injection in Schoolbox version 21.0.2, by Schoolbox Pty Ltd
Vulnerability Description
The application was vulnerable to multiple instances of SQL injection (authenticated and unauthenticated) through a vulnerable parameter. Due to the stacked query support, complex SQL commands could be crafted and injected into the vulnerable parameter and using a sleep based inferential SQL injection it was possible to extract data from the database.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Schoolbox SQL注入漏洞
Vulnerability Description
Schoolbox是澳大利亚Schoolbox公司的一个在线学习平台。 Schoolbox 21.0.2版本存在安全漏洞,该漏洞源于通过易受攻击参数进行多个SQL注入攻击。攻击者利用该漏洞可以从数据库中提取数据。
CVSS Information
N/A
Vulnerability Type
N/A