漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
OwnTone Server < 29.1 SQL Injection via query and filter Parameters
Vulnerability Description
OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit insufficient sanitization of these parameters to bypass filters and gain unauthorized access to media library data.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
OwnTone SQL注入漏洞
Vulnerability Description
OwnTone是OwnTone开源的一个 Linux/FreeBSD DAAP (iTunes)、MPD (Music Player Daemon) 和 RSP (Roku) 媒体服务器。 OwnTone 28.4版本至29.0版本存在SQL注入漏洞,该漏洞源于DAAP查询和过滤器处理中对query=和filter=参数清理不足,可能导致SQL注入攻击,从而未经授权访问媒体库数据。
CVSS Information
N/A
Vulnerability Type
N/A