Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NewType FlowMaster BPM Plus - SQL Injection
Vulnerability Description
The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
NewType FlowMaster BPM Plus SQL注入漏洞
Vulnerability Description
NewType FlowMaster BPM Plus是中国新人类(NewType)公司的一个商业流程管理系统。 NewType FlowMaster BPM Plus存在SQL注入漏洞,该漏洞源于特定查询功能未正确限制用户输入,允许具有常规权限的远程攻击者注入SQL命令来读取、修改或删除数据库内容。
CVSS Information
N/A
Vulnerability Type
N/A