Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
TreasureHuntGame TreasureHunt checkflag.php console_log sql injection
Vulnerability Description
A vulnerability has been found in TreasureHuntGame TreasureHunt up to 963e0e0 and classified as critical. Affected by this vulnerability is the function console_log of the file TreasureHunt/checkflag.php. The manipulation of the argument problema leads to sql injection. The attack can be launched remotely. The identifier of the patch is 8bcc649abc35b7734951be084bb522a532faac4e. It is recommended to apply a patch to fix this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
TreasureHunt 注入漏洞
Vulnerability Description
TreasureHunt是TreasureHuntGame开源的一个用于教授计算机安全的自动问题生成工具和挑战型竞赛。 TreasureHunt 963e0e0版本及之前版本存在注入漏洞,该漏洞源于对参数 problema 的错误操作会导致 sql 注入。
CVSS Information
N/A
Vulnerability Type
N/A