Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2
Vulnerability Description
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrary information from the DBMS in an uncontrolled way, alter its structure and data, and/or affect its availability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Nozomi Networks Guardian SQL注入漏洞
Vulnerability Description
Nozomi Networks Guardian是美国Nozomi Networks公司的一款物联网设备和软件检查系统。 Nozomi Networks Guardian 存在安全漏洞,该漏洞源于 alerts_count 组件中的输入验证不正确,导致经过身份验证的攻击者可以在 Web 应用程序使用的 DBMS 上执行任意 SQL 查询。
CVSS Information
N/A
Vulnerability Type
N/A