漏洞描述
广联达科技股份有限公司作为数字建筑平台服务商,围绕工程项目的全生命周期,为客户提供数字化软硬件产品、解决方案及相关服务。广讯通(linkworks) EmailAccountOrgUserService email参数存在sql注入,可对系统执行sql操作,获取数据库等信息。
广联达OA EmailAccountOrgUserService 接口 email 参数存在SQL注入漏洞
PoC代码
暂无相关漏洞推荐
- CNVD-2019-16798: Coremail Information Disclosure
- coremail-manager-password-disclosure: Coremail 邮件系统未授权访问获取管理员账密
- glodon-oa-msgbroadcastuploadfile-uploadfile: 广联达oa 后台文件上传漏洞 (需登录)
- WordPress Plugin email-subscribers /wp-admin/admin-post.php advanced_filter SQL 注入漏洞(CVE-2024-2876)
- POC azure-sql-va-emails-unconfigured: Azure SQL Classic VA Emails Unconfigured
- POC glodon-linkworks-Getuserbyusercode-sqli: 广联达oa Linkworks Getuserbyusercode 存在SQL注入
- POC smartoa-emaildownload-file-read: 智明 SmartOA EmailDownload.ashx 任意文件下载漏洞
- POC yonyou-u8-crm-getemaildata-fileread: 用友 U8 CRM客户关系管理系统 getemaildata.php 任意文件读取漏洞
- POC yonyou-u8-crm-getemaildata-uploadfile: 用友 U8 CRM客户关系管理系统 getemaildata.php 任意文件上传漏洞
- POC coremail-config-disclosure: Coremail - Config Discovery
- POC wp-email-subscribers-listing: WordPress Plugin Email Subscribers Listing
- POC wp-woocommerce-email-verification: Email Verification for WooCommerce < 1.8.2 - Loose Comparison to Authentication Bypass
- POC yonyou-u8-crm-fileupload: UFIDA U8-CRM getemaildata - Arbitary File Upload