漏洞描述
孚盟云CRM系统的/m/Dingding/Ajax/AjaxCustomerInfoAtion.ashx接口在处理subEmpId参数时,未对用户输入的SQL语句进行有效过滤和校验,存在报错型SQL注入漏洞。攻击者可通过构造恶意的SQL注入语句,利用该漏洞非法获取数据库敏感信息,甚至执行任意SQL命令。
孚盟云 CRM /m/Dingding/Ajax/AjaxCustomerInfoAtion.ashx SQL 注入漏洞
PoC代码
暂无相关漏洞推荐
- 孚盟云 CRM /m/Dingding/Ajax/AjaxFormDefault.ashx SQL 注入漏洞
- 孚盟云 CRM /m/Dingding/Ajax/AjaxMailList.ashx SQL 注入漏洞
- 孚盟云 CRM /m/Dingding/Ajax/AjaxMailInSend.ashx SQL 注入漏洞
- 孚盟云CRM /m/Dingding/Ajax/AjaxMailSetup.ashx SQL 注入漏洞
- 孚盟云CRM /m/Dingding/Ajax/AjaxReadMail.ashx SQL 注入漏洞
- 孚盟云CRM /m/Dingding/Ajax/AjaxProviderList.ashx SendMessage SQL 注入漏洞
- 孚盟云CRM AjaxOthers.ashx SQL注入漏洞
- 孚盟云CRM /m/Dingding/Ajax/AjaxBusinessPrice.ashx GetContactEmail SQL 注入漏洞
- 孚盟云CRM /m/Dingding/Ajax/AjaxOrderManage.ashx SQL 注入漏洞
- 孚盟云CRM /m/Dingding/Ajax/AjaxBusinessPrice.ashx checkBusinessPrice SQL 注入漏洞
- 孚盟云CRM /m/Dingding/Ajax/AjaxBusinessPrice.ashx moreLoad SQL 注入漏洞
- 孚盟云CRM /m/Dingding/Ajax/AjaxBusinessPrice.ashx getCustReturnValue SQL 注入漏洞
- 孚盟云CRM /m/Dingding/Ajax/AjaxBusinessPrice.ashx GetContactEmailByFid SQL 注入漏洞