CNNVD-202601-1887 Information

CNNVD ID

CNNVD-202601-1887

Related CVE

CVE-2023-54340

• CNNVD Published: 2026-01-13

Description (Chinese)

WorkOrder CMS是Roman B个人开发者的一个管理和调度工单的内容管理系统。 WorkOrder CMS 0.1.0版本存在SQL注入漏洞，该漏洞源于用户名和密码参数未经验证，可能导致未经身份验证的攻击者绕过登录并执行SQL注入攻击。

Description (English)

WorkOrder CMS is a content management system for the management and movement control of the Roman B personal developers. WorkOrder CMS version 0.1.0 contains an injection loophole in SQL, which stems from the unverified user name and password parameters, which may lead to unidentified attackers bypassing login and carrying out SQL injection attacks.

Hazard Level

Medium

Vulnerability Type

SQL注入

Affected Vendor

个人开发者

Published

2026-01-13

Last Modified

2026-02-24

References

https://www.vulncheck.com/advisories/workorder-cms-sql-injection https://github.com/romzes13/WorkOrderCMS https://www.exploit-db.com/exploits/51038 https://access.redhat.com/security/cve/cve-2023-54340