漏洞描述
泛微e-cology OA系统的WorkflowCenterTreeData接口存在接口注入漏洞.漏洞是由于其内置sql语句拼接不严,导致存在sql注入漏洞.利用该漏洞可以读取数据库以及服务器敏感信息.
漏洞威胁等级
高危
影响范围
暂不清楚
漏洞复现
使用payload进行验证
修复建议
等待泛微官方进行修复
https://www.weaver.com.cn/
More than 3 years have passed since last update.
[漏洞预警]泛微ecology OA系统WorkflowCenterTreeData(限oracle数据库)接口注入漏洞
Last updated at Posted at 2019-10-10
Register as a new user and use Qiita more conveniently
- You get articles that match your needs
- You can efficiently read back useful information
- You can use dark theme
List of users who liked
00