Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SQL Injection in Redeight CMS
Vulnerability Description
An SQL Injection vulnerability exists in Redeight CMS version 1.0 via the "userEmail" parameter in the POST "/admin/index.php" login endpoint. The application fails to sanitize user input and directly interpolates it into SQL queries without using prepared statements, which allows unauthenticated remote attackers to execute arbitrary SQL commands and extract sensitive database information.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Redeight CMS SQL注入漏洞
Vulnerability Description
Redeight Redeight CMS是Redeight公司的一款内容管理系统。 Redeight CMS 1.0版本存在SQL注入漏洞,该漏洞源于对用户输入过滤不严,未使用预编译语句直接将用户输入插入SQL查询,可能导致未经身份验证的远程攻击者执行任意SQL命令并提取敏感数据库信息。
CVSS Information
N/A
Vulnerability Type
N/A