Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16690.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
BMC Community Track-It! SQL注入漏洞
Vulnerability Description
BMC Community Track-It!是美国BMC Community公司的一个 It 帮助台软件。用于带有资产管理的帮助台和服务台。 BMC Community Track-It! 20.21.02.109版本存在SQL注入漏洞,该漏洞源于在使用用户提供的字符串构建SQL查询之前缺乏正确的验证,允许远程攻击者在受影响的安装中泄露敏感信息。利用该漏洞需要认证,具体漏洞存在于GetPopupSubQueryDetails端点,攻击者可以利用这个漏洞泄露存储的凭证,导致进一步的破坏。
CVSS Information
N/A
Vulnerability Type
N/A