CNNVD-202510-396 Information
Oct 03, 2025
cve
CNNVD ID
CNNVD-202510-396
Related CVE
- CNNVD Published: 2025-10-03
Description (Chinese)
OpenSupports是OpenSupports开源的一款简单的开源的票务平台。 OpenSupports 4.11.0版本存在SQL注入漏洞,该漏洞源于未使用参数绑定直接将用户控制参数departmentId拼接到SQL WHERE子句,可能导致SQL注入攻击。
Description (English)
OpenSupports is a simple open-source platform for OpenSupports. OpenSupports version 4.11.0 contains an injection loophole in SQL, which results from the failure to bind the user control parameter DepartmentId directly to the SQL WHERE sub-phrase, which could lead to an SQL injection attack.
Hazard Level
Medium
Vulnerability Type
SQL注入
Affected Vendor
OpenSupports
Published
2025-10-03
Last Modified
2026-02-24
References
https://fluidattacks.com/advisories/tito https://github.com/opensupports/opensupports
Share on: