Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PostgreSQL SQL Injection (status_sql.php)
Vulnerability Description
PostgreSQL SQL Injection (status_sql.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform SQL injection via sw1 and sw2 parameters in status_sql.php. The `status_sql.php` endpoint constructs SQL UPDATE queries by directly concatenating user-controlled `sw1` and `sw2` parameters without using parameterized queries or `pg_escape_string()`. While PostgreSQL's `pg_exec` limitations prevent stacked queries, attackers can inject subqueries for data exfiltration and leverage verbose error messages for reconnaissance.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
DB Electronica Mozart FM Transmitter 安全漏洞
Vulnerability Description
DB Electronica Mozart FM Transmitter是意大利DB Electronica公司的一个专业级FM广播发射机系列。 DB Electronica Mozart FM Transmitter 30版本、50版本、100版本、300版本、500版本、1000版本、2000版本、3000版本、3500版本、6000版本和7000版本存在安全漏洞,该漏洞源于status_sql.php中sw1和sw2参数未过滤,可能导致SQL注入。
CVSS Information
N/A
Vulnerability Type
N/A