Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Blind SQL Injection vulnerability in eTRAKiT.Net
Vulnerability Description
A SQL injection issue has been discovered in eTRAKiT.net release 3.2.1.77. Due to improper input validation, a remote unauthenticated attacker can run arbitrary commands as the current MS SQL server account. It is recommended that the CRM feature is turned off while on eTRAKiT.net release 3.2.1.77. eTRAKiT.Net is no longer supported, and users are recommended to migrate to the latest version of CentralSquare Community Development.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
CentralSquare eTRAKiT 安全漏洞
Vulnerability Description
CentralSquare eTRAKiT是美国CentralSquare公司的一个公共在线门户,可与内部社区发展系统交互。 CentralSquare eTRAKiT 3.2.1.77版本存在安全漏洞,该漏洞源于输入验证不当,可能导致远程未经验证的攻击者以当前MS SQL服务器账户执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A