漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability
Vulnerability Description
Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the processing of NVBULibraryPort JSON-RPC messages. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-27631.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Quest NetVault Backup SQL注入漏洞
Vulnerability Description
Quest NetVault Backup是美国Quest公司的一款跨平台的企业级数据备份与恢复软件解决方案。 Quest NetVault Backup 14.0.0.19版本存在SQL注入漏洞,该漏洞源于在处理NVBULibraryPort JSON-RPC消息时未正确验证用户提供的字符串,可能导致远程攻击者利用SQL注入在NETWORK SERVICE环境中执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A