漏洞关键信息 漏洞标题 Title: z-9527 admin ≤ commit 72aaf2d SQL Injection 漏洞描述 Description: - A SQL blind injection vulnerability exists in Z-9527 Admin ≤ commit 72aaf2d at the /user/register endpoint. - The username field allows direct SQL statement concatenation without sanitization. - Attackers can inject malicious payloads using time-based techniques for inference and data extraction. 漏洞来源 Source: - URL: https://github.com/CC-T-454455/Vulnerabilities/tree/master/z9527-admin/vulnerability-2 提交信息 User: Anonymous User Submission Date: 2023/02/14 2:47 PM Moderation Date: 2023/02/25 3:04 PM 状态与评分 Status: Duplicate Points: 0 相关CVE VulDB Entry: 347772 注意事项 Duplicate entry suggests this bug might be already reported elsewhere.