Critical Vulnerability Information

Vulnerability Title
assigning CVE request platform #4 queryall attribute info

Vulnerability Description
Product Version: v1.0
URL: http://localhost:8080/assigning_cve_request_platform_war_exploded/
Impact Scope: 775

Vulnerability Details
Type: SQL Injection
URL: http://localhost:8080/assigning_cve_request_platform_war_exploded/queryAll?attributeInfo=1
Parameter: assigning_cve_request_platform_war_exploded/queryAll?attributeInfo=1

PoC (Proof of Concept):
1. Access the page and click the "Query All" button.
2. Append a single quote to the URL, e.g., http://localhost:8080/assigning_cve_request_platform_war_exploded/queryAll?attributeInfo='
3. Observe the response; if an SQL error message appears, an SQL injection vulnerability exists.

Impact
Impact: May lead to database information leakage, data tampering, and other security issues.

Release Time
Release Time: 2023-05-29 20:22:25

Related Tags
SQL Injection Database Security Vulnerability

This information indicates that the web page is vulnerable to SQL injection. Attackers can exploit this by inserting malicious SQL statements into specific URL parameters, potentially gaining unauthorized access to or modifying sensitive data within the database.
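The single-quote check from the PoC can be turned into a regression test for the fix. The following is an added example, not the platform's own code: it uses Python and an in-memory SQLite database as a stand-in, and the table `cve_request`, its columns, and all function names are assumptions, since the page does not show the query behind `queryAll`.

```python
import sqlite3

def make_db():
    # Constructed stand-in schema; the platform's real tables are not on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cve_request "
               "(id INTEGER PRIMARY KEY, attribute_info TEXT, title TEXT)")
    db.executemany(
        "INSERT INTO cve_request (attribute_info, title) VALUES (?, ?)",
        [("1", "request A"), ("2", "request B")],
    )
    return db

def query_all_concatenated(db, attribute_info):
    """Assumed vulnerable shape: the parameter is pasted into the SQL text."""
    sql = ("SELECT id, title FROM cve_request WHERE attribute_info = '"
           + attribute_info + "'")
    return db.execute(sql).fetchall()

def query_all_bound(db, attribute_info):
    """Hardened shape: the parameter is bound as data and never parsed as SQL."""
    sql = "SELECT id, title FROM cve_request WHERE attribute_info = ?"
    return db.execute(sql, (attribute_info,)).fetchall()

def check(handler, value):
    """Run one handler against a fresh database and classify the outcome."""
    db = make_db()
    try:
        return ("ok", handler(db, value))
    except sqlite3.Error as exc:
        # This is the "SQL error message appears" symptom from step 3 of the PoC.
        return ("sql-error", str(exc))
    finally:
        db.close()

if __name__ == "__main__":
    for handler in (query_all_concatenated, query_all_bound):
        for value in ("1", "'"):
            print(handler.__name__, repr(value), check(handler, value))
```

A generic error page that hides the database message removes only the symptom in step 3; the concatenated query is still parsed with attacker-controlled text, so the test should target the query construction itself.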