CNNVD-202509-2790 Information

Sep 17, 2025 cve

CNNVD ID

CNNVD-202509-2790

CVE-2025-10592

CNNVD Published: 2025-09-17

Description (Chinese)

itsourcecode Online Public Access Catalog OPAC是itsourcecode开源的一个在线公共访问目录。 itsourcecode Online Public Access Catalog OPAC 1.0版本存在SQL注入漏洞，该漏洞源于对文件mysearch.php中参数search_field和search_text的错误操作，可能导致SQL注入攻击。

Description (English)

Its sourcecode Online Access Catalog OPAC is an online public access source. Its sourcecode Online Public Access OPAC Version 1.0 contains an injection loophole in SQL, which is the result of a mishandling of the parameters Mysearch.php in the document:search field and search text, which could lead to an SQL injection attack.

Hazard Level

High

Vulnerability Type

SQL注入

Affected Vendor

itsourcecode

Published

2025-09-17

Last Modified

2026-02-24

References

https://github.com/drew-byte/Online-Public-Access-Catalog-OPAC-SQLi-PoC/blob/main/README.md https://itsourcecode.com/ https://vuldb.com/?ctiid.324609 https://vuldb.com/?id.324609 https://vuldb.com/?submit.648959

Share on: