漏洞描述
其中 account 参数存在SQL注入,攻击者通过漏洞可以获取数据库敏感信息,危害服务器安全。
禅道项目管理系统 account 参数存在SQL注入漏洞
PoC代码
暂无相关漏洞推荐
- ERPNext /api/method/erpnext.accounts.doctype.dunning.dunning.get_dunning_letter_text SQL 注入漏洞(CVE-2025-66434)
- TDuck /login/account 默认口令漏洞
- 璐华HRM /ajaxpro/RuvarHRM.Web.Common.get_account_by_tree.RuvarHRM.Web.Common.ashx SQL 注入漏洞
- Flowise /api/v1/account/forgot-password 未授权访问漏洞(CVE-2025-58434)
- POC CVE-2024-10914: D-Link NAS account_mgr.cgi存在远程命令执行
- POC azure-storage-account-delete-unalerted: Azure Storage Account Delete Alert Not Configured
- POC azure-storage-account-update-unalerted: Azure Storage Account Create/Update Alert Not Configured
- POC kyan-network-monitoring-account-password-leakage: Kyan 网络监控设备 hosts 账号密码泄露漏洞
- POC gcloud-vm-default-service-account-full-access: VM Instance Using Default Service Account with Full API Access
- POC gcloud-vm-default-service-account: VM Instance Using Default Service Account
- POC casbin-get-users-account-password-disclosure: Casbin get-users 账号密码泄漏漏洞
- POC gcloud-gke-default-service-account: GKE Clusters Using Default Service Account
- POC gcloud-service-account-admin-restriction: Restrict Administrator Access for Service Accounts