Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Jalios JPlatform 10 SP6 < 10.0.6 Record Chooser SQL Injection
Vulnerability Description
The DB chooser functionality in Jalios JPlatform 10 SP6 before 10.0.6 improperly neutralizes special elements used in an SQL command allows for unauthenticated users to trigger SQL Injection. This issue affects JPlatform before 10.0.6 and a PatchPlugin release 10.0.6 was issued 2023-02-06.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Jalios JPlatform SQL注入漏洞
Vulnerability Description
Jalios JPlatform是Jalios公司的一个数字化工作平台。 Jalios JPlatform 10 SP6 10.0.6之前版本存在SQL注入漏洞,该漏洞源于DB选择器功能对SQL命令中特殊元素的中和不当,可能导致经过身份验证的管理员用户触发SQL注入。
CVSS Information
N/A
Vulnerability Type
N/A