Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SQL Injection in Ciser System SL firmware
Vulnerability Description
A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence of specific requirements (AT:N), the vulnerability allows for a total compromise of the system's configuration data (VC:H/VI:H). While the availability of the service remains unaffected (VA:N), the breach may lead to a limited exposure of sensitive information regarding subsequent or interconnected systems (SC:L).
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Ciser System CSIP firmware SQL注入漏洞
Vulnerability Description
Ciser System CSIP firmware是西班牙Ciser System公司的一系列产品固件。 Ciser System CSIP firmware 3.0版本至5.1版本存在SQL注入漏洞,该漏洞源于身份验证模块存在SQL注入,可能导致系统配置数据完全泄露。
CVSS Information
N/A
Vulnerability Type
N/A