Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenSTAManager has a Time-Based Blind SQL Injection with Amplified Denial of Service
Vulnerability Description
OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the global search functionality. The application fails to properly sanitize the term parameter before using it in SQL LIKE clauses across multiple module-specific search handlers, allowing attackers to inject arbitrary SQL commands and extract sensitive data through time-based Boolean inference.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
OpenSTAManager SQL注入漏洞
Vulnerability Description
OpenSTAManager是Devcode开源的一个用于技术援助和计费的开源管理软件。 OpenSTAManager v2.9.8及之前版本存在SQL注入漏洞,该漏洞源于对全局搜索功能中的term参数清理不当,可能导致基于时间的盲SQL注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A