Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
EBM Technologies RISWEB - SQL Injection
Vulnerability Description
EBM Technologies RISWEB's specific query function parameter does not properly restrict user input, and this feature page is accessible without login. This allows remote attackers to inject SQL commands without authentication, enabling them to read, modify, and delete database records.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
EBM Technologies RISWEB SQL注入漏洞
Vulnerability Description
EBM Technologies RISWEB是中国商之器科技(EBM Technologies)公司的一款应用程序。 EBM Technologies RISWEB存在SQL注入漏洞,该漏洞源于没有适当限制用户输入。远程攻击者无需身份验证即可注入 SQL 命令,从而能够读取、修改和删除数据库记录。
CVSS Information
N/A
Vulnerability Type
N/A