漏洞描述
云时空ERP存在信息泄露漏洞,该漏洞是由于online接口对用户的权限校验不当导致的。
云时空ERP online 信息泄露漏洞 (访问成功)
PoC代码
暂无相关漏洞推荐
- POC CVE-2016-1000129: WordPress defa-online-image-protector <=3.3 - Cross-Site Scripting
- POC dcn-online-list-fileread: DCN System Online_list.php Arbitrary File Read
- POC tongda-online-user-session-disclosure-login: 通达OA Online User Session Disclosure and Login
- POC onlinefarm-management-xss: Online Farm Management System 0.1.0 - Cross-Site Scripting
- POC wp-qwiz-online-xss: Qwiz Online Quizzes And Flashcards <= 3.36 - Cross-Site Scripting
- 锐捷Ruijie-UAC /view/vpn/autovpn/online_check.php 命令执行漏洞
- 泛微E-Office online_person.wsdl.php SQL 注入漏洞
- 泛微E-Office /webservice-json/online_person/online_person.wsdl.php GetPrivInfo SQL 注入漏洞
- 泛微E-Office /webservice-json/online_person/online_person.wsdl.php GetAllDeptInfo SQL 注入漏洞
- 泛微E-Office /webservice-json/online_person/online_person.wsdl.php Get_UserInfo SQL 注入漏洞
- 神州数码 DCME-320 /online_list.php 文件读取漏洞
- 神州数码DCME-320 online_list.php存在任意文件读取漏洞
- 神州DCN路由器 online_list.php 任意文件读取漏洞