CNVD-2015-02871

Vulnerability from cnvd - Published: 2015-06-03
VLAI Severity ?
Title
汇文软件手机OPAC图书馆门户系统SQL注入漏洞
Description
江苏汇文软件有限公司的手机图书馆门户系统是集掌上门户,掌上APP为一体的移动服务解决方案,在移动智能时代拉近读者与图书馆之间的距离。 汇文软件手机OPAC图书馆门户系统SQL注入漏洞。允许攻击者利用此漏洞获取数据库敏感信息。
Severity
Patch Name
汇文软件手机OPAC图书馆门户系统存在SQL注入漏洞
Patch Description
联系江苏汇文软件有限公司025-83685818,发53620388@qq.com处置。同时发赛尔网络协调处置。
Formal description

防注入

Impacted products
Name
江苏汇文软件有限公司 手机图书馆门户
Show details on source website
To clipboard 

{
  "description": "\u6c5f\u82cf\u6c47\u6587\u8f6f\u4ef6\u6709\u9650\u516c\u53f8\u7684\u624b\u673a\u56fe\u4e66\u9986\u95e8\u6237\u7cfb\u7edf\u662f\u96c6\u638c\u4e0a\u95e8\u6237\uff0c\u638c\u4e0aAPP\u4e3a\u4e00\u4f53\u7684\u79fb\u52a8\u670d\u52a1\u89e3\u51b3\u65b9\u6848\uff0c\u5728\u79fb\u52a8\u667a\u80fd\u65f6\u4ee3\u62c9\u8fd1\u8bfb\u8005\u4e0e\u56fe\u4e66\u9986\u4e4b\u95f4\u7684\u8ddd\u79bb\u3002 \r\n\r\n\u6c47\u6587\u8f6f\u4ef6\u624b\u673aOPAC\u56fe\u4e66\u9986\u95e8\u6237\u7cfb\u7edfSQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u83b7\u53d6\u6570\u636e\u5e93\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "\u5f20\u5ef6\u78ca",
  "formalWay": "\u9632\u6ce8\u5165",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-02871",
  "openTime": "2015-06-03",
  "patchDescription": "\u8054\u7cfb\u6c5f\u82cf\u6c47\u6587\u8f6f\u4ef6\u6709\u9650\u516c\u53f8025-83685818\uff0c\u53d153620388@qq.com\u5904\u7f6e\u3002\u540c\u65f6\u53d1\u8d5b\u5c14\u7f51\u7edc\u534f\u8c03\u5904\u7f6e\u3002",
  "patchName": "\u6c47\u6587\u8f6f\u4ef6\u624b\u673aOPAC\u56fe\u4e66\u9986\u95e8\u6237\u7cfb\u7edf\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e",
  "products": {
    "product": "\u6c5f\u82cf\u6c47\u6587\u8f6f\u4ef6\u6709\u9650\u516c\u53f8 \u624b\u673a\u56fe\u4e66\u9986\u95e8\u6237"
  },
  "serverity": "\u9ad8",
  "submitTime": "2015-04-20",
  "title": "\u6c47\u6587\u8f6f\u4ef6\u624b\u673aOPAC\u56fe\u4e66\u9986\u95e8\u6237\u7cfb\u7edfSQL\u6ce8\u5165\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.