Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WorkOrder CMS 0.1.0 - SQL Injection
Vulnerability Description
WorkOrder CMS 0.1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login by manipulating username and password parameters. Attackers can inject malicious SQL queries using techniques like OR '1'='1' and stacked queries to access database information or execute administrative commands.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
WorkOrder CMS SQL注入漏洞
Vulnerability Description
WorkOrder CMS是Roman B个人开发者的一个管理和调度工单的内容管理系统。 WorkOrder CMS 0.1.0版本存在SQL注入漏洞,该漏洞源于用户名和密码参数未经验证,可能导致未经身份验证的攻击者绕过登录并执行SQL注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A