Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An authenticated blind SQL injection vulnerability exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to /mailinspector/mliRealtimeEmails.php does not properly sanitize input, allowing an authenticated attacker to execute arbitrary SQL commands, leading to the potential disclosure of the entire application database.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
HSC Cybersecurity HC Mailinspector SQL注入漏洞
Vulnerability Description
HSC Cybersecurity HC Mailinspector是HSC Cybersecurity公司的一个云电子邮件安全解决方案。 HSC Cybersecurity HC Mailinspector 5.2.17-3 到 v.5.2.18版本存在SQL注入漏洞,该漏洞源于对 /mailinspector/mliRealtimeEmails.php 的 POST 请求中的 ordemGrid 参数无法正确清理输入,从而允许经过身份验证的攻击者执行任意 SQL 命令。
CVSS Information
N/A
Vulnerability Type
N/A