Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxNetworkController.ajaxAction()
Vulnerability Description
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Advantech WebAccess/VPN 安全漏洞
Vulnerability Description
Advantech WebAccess/VPN是中国台湾研华(Advantech)公司的一款高级网络安全平台。 Advantech WebAccess/VPN 1.1.5之前版本存在安全漏洞,该漏洞源于AjaxNetworkController.ajaxAction函数未正确过滤datatable搜索参数,可能导致SQL注入攻击和数据泄露。
CVSS Information
N/A
Vulnerability Type
N/A