Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Files: Potential for SQL Injection through File Browse and List Operations
Vulnerability Description
Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, Files does not have logic to prevent the exploitation of backend SQL queries without direct output, potentially allowing unauthorized data access. This is fixed in version 0.16.10.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Files SQL注入漏洞
Vulnerability Description
Files是Karl Ward个人开发者的一个单文件 PHP 应用程序。可以拖放到任何目录中,允许浏览其中的文件和目录。 Files 0.16.9及之前版本存在SQL注入漏洞,该漏洞源于未阻止后端SQL查询利用,可能导致未授权数据访问。
CVSS Information
N/A
Vulnerability Type
N/A