Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ghostfolio: Time-Based Blind SQL Injection in Manual Asset Import
Vulnerability Description
Ghostfolio is an open source wealth management software. Prior to version 2.244.0, by bypassing symbol validation, an attacker can execute arbitrary SQL commands via the getHistorical() method, potentially allowing them to read, modify, or delete sensitive financial data for all users in the database. This issue has been patched in version 2.244.0.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Ghostfolio SQL注入漏洞
Vulnerability Description
Ghostfolio是Ghostfolio开源的一个个人财富管理软件。 Ghostfolio 2.244.0之前版本存在SQL注入漏洞,该漏洞源于绕过符号验证,可能导致通过getHistorical方法执行任意SQL命令,从而读取、修改或删除数据库中所有用户的敏感财务数据。
CVSS Information
N/A
Vulnerability Type
N/A