Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Authenticated Union based SQL-injection in the search input field
Vulnerability Description
This vulnerability allows attackers to directly query the underlying database, potentially retrieving all data stored in the Billing Admin database, including user credentials. User passwords are stored in plaintext, significantly increasing the severity of this issue.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Zenitel ICX500和Zenitel ICX510 安全漏洞
Vulnerability Description
Zenitel ICX500和Zenitel ICX510都是挪威Zenitel公司的一款通信与控制平台。 Zenitel ICX500和Zenitel ICX510存在安全漏洞,该漏洞源于攻击者可直接查询底层数据库,可能导致检索Billing Admin数据库中所有数据,包括明文存储的用户凭据。
CVSS Information
N/A
Vulnerability Type
N/A