Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Authenticated SQL Injection on Alerts in Guardian/CMC before 22.5.2
Vulnerability Description
Due to improper input validation in the Alerts controller, a SQL injection vulnerability in Nozomi Networks Guardian and CMC allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Nozomi Networks Guardian SQL注入漏洞
Vulnerability Description
Nozomi Networks Guardian是美国Nozomi Networks公司的一款物联网设备和软件检查系统。 Nozomi Networks Guardian 和 CMC存在安全漏洞,该漏洞源于Alerts控制器中的输入验证不当。攻击者利用该漏洞在Web应用程序使用的DBMS上执行任意SQL查询。
CVSS Information
N/A
Vulnerability Type
N/A