Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connection strings being used by Sage 300 and interact directly with the underlying database(s) to create, update, and delete all company records, bypassing the program’s role-based access controls.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sage Group Sage 300 安全漏洞
Vulnerability Description
Sage Group Sage 300是英国Sage Group公司的一个完善的闭源企业资源规划 (ERP) 解决方案,旨在促进企业管理。 Sage Group Sage 300 存在安全漏洞。攻击者利用该漏洞可以恢复使用的SQL连接字符串并可以创建、更新和删除数据库中的数据。
CVSS Information
N/A
Vulnerability Type
N/A