Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Payload has an SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters
Vulnerability Description
Payload is a free and open source headless content management system. Prior to 3.73.0, when querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL injection attacks. An unauthenticated attacker could extract sensitive data (emails, password reset tokens) and achieve full account takeover without password cracking. This vulnerability is fixed in 3.73.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Payload SQL注入漏洞
Vulnerability Description
Payload是一个使用 TypeScript、Node.js、React 和 MongoDB 构建的 Headless CMS 和应用程序框架。 Payload 3.73.0之前版本存在SQL注入漏洞,该漏洞源于查询JSON或richText字段时,用户输入未经转义直接嵌入SQL,可能导致SQL注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A