漏洞描述
泛微 E-weaver /api/ec/dev/locale/getLabelByModule存在SQL注入漏洞,攻击者可以利用该漏洞获取数据库敏感信息,进而控制整个系统。
泛微 E-weaver /api/ec/dev/locale/getLabelByModule 存在SQL注入漏洞
PoC代码
暂无相关漏洞推荐
- 泛微OA weaver.common.Ctrl 任意文件上传漏洞
- e-weaver-eoffice-webservice-upload-fileupload: E-Weaver EOffice webservice upload file upload
- weaver-oa-workrelate-file-upload: Weaver OA Workrelate File Upload
- 泛微OA /weaver/weaver.file.FileDownloadForOutDoc SQL 注入漏洞
- POC e-cology-oa-e-weaver-signature-download: 泛微 OA E-Weaver SignatureDownLoad 任意文件读取
- POC weaver-ebridge-addTasteJsonp-sqli: Weaver e-Bridge addTasteJsonp SQL Injection
- POC weaver-ebridge-checkmobile-sqli: Weaver E-Bridge CheckMobile SQL Injection
- POC weaver-ebridge-file-read: 泛微云桥e-bridge任意文件读取漏洞
- POC weaver-ecology9-filedownloadlocation-sqli: Weaver E-cology 9.x FileDownloadLocation SQL Injection
- POC sap-netweaver-backdoor: SAP NetWeaver - Backdoor Detection
- POC weaver-eoffice-file-upload: Weaver E-Office v9.5 - Arbitrary File Upload
- POC weaver-checkserver-sqli: Ecology OA CheckServer - SQL Injection
- POC weaver-e-cology-validate-sqli: Weaver e-cology Validate.JSP - SQL Injection