Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NewType WebEIP v3.0 - SQL injection
Vulnerability Description
WebEIP v3.0 from NewType does not properly validate user input, allowing remote attackers with regular privilege to inject SQL commands to read, modify, and delete data stored in database. The affected product is no longer maintained. It is recommended to upgrade to the new product.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
NewType WebEIP SQL注入漏洞
Vulnerability Description
NewType WebEIP是中国新人类(NewType)公司的一个企业团队管理解决方案。 NewType WebEIP 3.0版本存在SQL注入漏洞,该漏洞源于未正确验证用户输入,允许具有常规权限的远程攻击者注入SQL命令来读取、修改和删除存储数据库中的数据。
CVSS Information
N/A
Vulnerability Type
N/A