漏洞描述
NC系统可利用getAuth接口实现SQL注入,可窃取服务器敏感信息。
关于NC系统getAuth的sql注入漏洞的安全通告
PoC代码
暂无相关漏洞推荐
- POC CVE-2025-13486: Advanced Custom Fields Extended < 0.9.2 - Remote Code Execution
- POC wordfence-config-disclosure: WordPress Wordfence - Configuration File Disclosure
- POC wordfence-rules-disclosure: WordPress Wordfence - Rules File Disclosure
- POC wordfence-waf-logs-disclosure: WordPress Wordfence - WAF Logs and Data Disclosure
- POC wp-maintenance-mode-fpd: WordPress WP Maintenance Mode - Full Path Disclosure
- POC wp-wordfence-fpd: Wordfence - Full Path Disclosure
- POC wp-easy-fancybox-fpd: Easy FancyBox - Full Path Disclosure
- 微力同步-VeriSync resources 任意文件读取漏洞
- GreenCMS 路径遍历漏洞
- 用友NC及NC Cloud系统 /uapws/service/nc.itf.bap.service.IBapIOService getBapTableDatas SQL 注入漏洞
- Campcodes Advanced_voting_management_system不正确的权限分配漏洞(CVE-2025-14889)
- (CVE-2023-53873)SyncBreeze 15.2.24登录认证机制拒绝服务漏洞
- 用友NC /portal/pt/portalcombo/importCombo XML 外部实体注入漏洞