Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 findModulePage.do findModulePage sql injection

A vulnerability was detected in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This affects the function findModulePage of the file findModulePage.do. The manipulation of the argument sort results in sql injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

Tipray Data Leakage Prevention System SQL注入漏洞

Tipray Data Leakage Prevention System是中国天锐（Tipray）公司的一款数据防泄密系统。 Tipray Data Leakage Prevention System 1.0版本存在SQL注入漏洞，该漏洞源于对文件findModulePage.do中参数sort的错误操作，可能导致SQL注入攻击。

N/A

N/A