Vulnerability Information
Vulnerability Title
openDCIM <= 23.04 SQL Injection in Config::UpdateParameter
Vulnerability Description
openDCIM version 23.04, through commit 4467e9c4, contains a SQL injection vulnerability in Config::UpdateParameter. The install.php and container-install.php handlers pass user-supplied input directly into SQL statements using string interpolation, without prepared statements or proper input sanitization. An authenticated user can execute arbitrary SQL statements against the underlying database.
CVSS Information
N/A
Vulnerability Type
Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)
Vulnerability Title
openDCIM SQL Injection Vulnerability
Vulnerability Description
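openDCIM is an open-source data center inventory management (DCIM) application from openDCIM. openDCIM version 23.04 contains a SQL injection vulnerability that stems from Config::UpdateParameter not using prepared statements or input sanitization, which may lead to SQL injection attacks.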
CVSS Information
N/A
Vulnerability Type
N/A