漏洞描述
泛微-云桥e-Bridge addTasteJsonp接口存在SQL注入漏洞,未经身份验证的远程攻击者除了可以利用SQL注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高 权限的情况可向服务器中写入木马,进一步获取服务器系统权限。
泛微云桥 e-Bridge checkMobile接口存在SQL注入漏洞
PoC代码
暂无相关漏洞推荐
- ecology-ebridge-addtaste-sqli: 泛微云桥 taste/addTaste SQL注入
- POC CVE-2020-11853: Micro Focus Operations Bridge Manager <=2020.05 - Remote Code Execution
- POC CVE-2021-22502: Micro Focus Operations Bridge Reporter - Remote Code Execution
- POC CVE-2021-25112: WordPress WHMCS Bridge <6.4b - Cross-Site Scripting
- POC CVE-2025-4008: MeteoBridge <= 6.1 - Remote Code Execution
- POC CVE-2025-4008: MeteoBridge <= 6.1 - Remote Code Execution
- POC e-bridge-saveyzjfile-file-read: 泛微OA E-Bridge saveYZJFile 任意文件读取
- POC weaver-ebridge-addTasteJsonp-sqli: Weaver e-Bridge addTasteJsonp SQL Injection
- POC weaver-ebridge-checkmobile-sqli: Weaver E-Bridge CheckMobile SQL Injection
- POC commax-credentials-disclosure: COMMAX Smart Home Ruvie CCTV Bridge DVR - RTSP Credentials Disclosure
- POC exposed-adb: Exposed Android Debug Bridge
- Smartbedded MeteoBridge 存在远程命令执行漏洞(CVE-2025-4008)
- (CVE-2025-3604) Flynax Bridge插件账户接管漏洞