漏洞描述
万户ezOFFICE协同管理平台是一个综合信息基础应用平台,万户网络-ezOFFICE存在SQL注入漏洞,攻击者可获取系统密码等敏感信息。
万户ezoffice pic.jsp SQL注入
PoC代码
暂无相关漏洞推荐
- Langflow /api/v1/files/profile_pictures/../langflow.db 目录遍历漏洞
- 西安九佳易信息资讯有限公司时尚企业管理系统 picHY.aspx SQL注入漏洞
- Anthropic Claude Code 命令注入漏洞
- Wordpress Plugin Depicter /wp-admin/admin-ajax.php depicter-lead-list SQL 注入漏洞(CVE-2025-2011)
- shiziyu-cms-apicontroller-sqli: shiziyu cms apicontroller sqli
- 万户OA /defaultroot/govezoffice/custom_documentmanager/smartUpload.jsp 文件上传漏洞
- POC CVE-2021-27330: Triconsole Datepicker Calendar <3.77 - Cross-Site Scripting
- POC CVE-2025-2011: Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection
- POC sns-public-subscribe-access: Public Subscription Access of SNS Topics via Policy
- POC sns-topic-public-accessible: Public Access of SNS Topics via Policy
- POC dahua-icc-readpic-fileread: Dahua Icc Readpic File Read
- POC gcloud-pubsub-cmek-disabled: Pub/Sub Topics Not Encrypted with Customer-Managed Encryption Keys
- POC gcloud-pubsub-deadletter-disabled: Dead Letter Topic Not Enabled for Google Pub/Sub Subscriptions