Vulnerability Information
Vulnerability Title
OpenProject: SQL Injection in Cost Reporting =n Operator via parse_number_string
Vulnerability Description
OpenProject is an open-source, web-based project management software. Prior to version 17.2.3, the =n operator in modules/reporting/lib/report/operator.rb:177 embeds user input directly into SQL WHERE clauses without parameterization. This issue has been patched in version 17.2.3.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H
Vulnerability Type
Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)
Vulnerability Title
OpenProject SQL Injection Vulnerability
Vulnerability Description
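OpenProject is a web-based project management software open-sourced by OpenProject. Versions of OpenProject prior to 17.2.3 contain an SQL injection vulnerability. It stems from the =n operator embedding user input directly into SQL WHERE clauses, which may lead to SQL injection attacks.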
CVSS Information
N/A
Vulnerability Type
N/A