Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module
Vulnerability Description
OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the article pricing completion handler. The application fails to properly sanitize the idarticolo parameter before using it in SQL queries, allowing attackers to inject arbitrary SQL commands and extract sensitive data through time-based Boolean inference.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
OpenSTAManager SQL注入漏洞
Vulnerability Description
OpenSTAManager是Devcode开源的一个用于技术援助和计费的开源管理软件。 OpenSTAManager v2.9.8及之前版本存在SQL注入漏洞,该漏洞源于对文章定价完成处理程序中的idarticolo参数清理不当,可能导致基于时间的盲SQL注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A