| Description: | | Sql injection vulnerability exists in the Realor GWT system 7.0.2.1 and previous versions. The vulnerability is due to the fact that the Realor GWT system does not filter the incoming data of the user, and directly concatenates the user input directly into the sql statement for execution. A malicious attacker without authentication successfully uses this vulnerability to obtain sensitive information in the database. Or write the webshell backdoor, so as to execute arbitrary code on the target server to obtain control rights of the target server. |