Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" in maxprofile/menu/model.lua (editUserMenu endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to execute arbitrary SQL commands via crafted HTTP requests.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Q-Free MAXTIME Suite SQL注入漏洞
Vulnerability Description
Q-Free MAXTIME Suite是Q-Free公司的一个用于本地交通信号管理的软件套件。 Q-Free MAXTIME Suite 2.11.0版本及之前版本存在SQL注入漏洞,该漏洞源于maxprofile/menu/model.lua中的editUserMenu端点未正确处理用户输入。攻击者利用该漏洞可以通过特制的HTTP请求执行任意SQL命令。
CVSS Information
N/A
Vulnerability Type
N/A