漏洞描述
泛微协同管理应用平台(e-cology)是一套兼具企业信息门户、知识管理、数据中心、工作流管理、人力资源管理、客户与合作伙伴管理、项目管理、财务管理、资产管理功能的协同商务平台。泛微e-cologySyncUserInfo.jsp 存在SQL注入漏洞,攻击者可利用该漏洞获取敏感信息。
泛微Ecology OA SyncUserInfo.jsp SQL注入漏洞
PoC代码
暂无相关漏洞推荐
- POC ecology-mobile-plugin-checkserver-sqli: 泛微 Ecology OA SQL 注入漏洞
- POC ecology-v9-sqli: Ecology 9 - SQL Injection
- POC ecology-arbitrary-file-upload: Ecology - Arbitrary File Upload
- POC ecology-filedownload-directory-traversal: Ecology - Local File Inclusion
- POC ecology-oa-byxml-xxe: EcologyOA deleteUserRequestInfoByXml - XML External Entity Injection
- POC ecology-springframework-directory-traversal: Ecology Springframework - Local File Inclusion
- ecology-v8-sqli: Ecology 8 - SQL Injection
- POC weaver-checkserver-sqli: Ecology OA CheckServer - SQL Injection
- 泛微 Ecology LoginSSO.jsp SQL注入漏洞
- 泛微OA Ecology9 uploaderOperate.jsp 前台任意文件上传漏洞
- 泛微OA系统 SyncUserInfo.jsp接口信息泄露漏洞
- 泛微Ecology OA ln.FileDownload目录穿越漏洞
- 泛微Ecology OA org.springframework.web.servlet.ResourceServlet目录穿越漏洞