Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1 matches found

seebug.org
seebug.orgadded 2015/09/15 12:0 a.m.103 views

ISPConfig <= 3.0.5.4p7 monitor/show_sys_state.php SQL注入漏洞

因为不完整地过滤导致了SQL注入, 通过HTTP GET方式传递的server参数给了 /monitor/showsysstate.php页面攻击者可以传入任意恶意SQL命令并在数据库中执行该漏洞的成功的利用可以让攻击者获得数据库的读写权限甚至危机整个web应用但是该漏洞此时仍然是一个鸡肋漏洞, 因为攻击者要进行此攻击必须是认证通过的用户而且还需要有monitor权限然而, 结合CSRF Cross-Site Request Forgery in ISPConfig:...

6.8CVSS6.5AI score0.04615EPSS
Exploits6
Rows per page
Query Builder