Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Log2Space Subscriber Management Software 1.1 is vulnerable to unauthenticated SQL injection via the `lead_id` parameter in the `/l2s/api/selfcareLeadHistory` endpoint. A remote attacker can exploit this by sending a specially crafted POST request, resulting in the execution of arbitrary SQL queries. The backend fails to sanitize the user input, allowing enumeration of database schemas, table names, and potentially leading to full database compromise.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Spacecom Log2Space Subscriber Management Software 安全漏洞
Vulnerability Description
Spacecom Log2Space Subscriber Management Software是印度Spacecom公司的一个订阅用户管理软件。 Spacecom Log2Space Subscriber Management Software 1.1版本存在安全漏洞,该漏洞源于未对/l2s/api/selfcareLeadHistory端点中的lead_id参数进行验证和清理,可能导致SQL注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A