漏洞描述
泛微OA系统在/weaver/weaver.file.FileDownloadForOutDoc接口中存在SQL注入漏洞。攻击者可以通过构造恶意的SQL语句,未经授权地访问数据库中的敏感信息,可能导致数据泄露、篡改或破坏。
泛微OA /weaver/weaver.file.FileDownloadForOutDoc SQL 注入漏洞
PoC代码
暂无相关漏洞推荐
- 无POC泛微OA /dwr/call/plaincall/ 权限绕过漏洞
- 无POC泛微OA weaver.common.Ctrl 任意文件上传漏洞
- POC泛微OA ShowDocsImage SQL注入漏洞
- POC泛微OA E-Cology Action.jsp mobile.skin.SkinAction 任意文件上传漏洞
- POCCNVD-2019-32204: 泛微OA E-Cology BshServlet 远程代码执行漏洞
- POCCNVD-2021-33202: 泛微OA E-Cology LoginSSO.jsp SQL注入漏洞
- POCCNVD-2021-49104: 泛微OA E-Office UploadFile.php 任意文件上传漏洞
- POCCNVD-2023-12632: 泛微 OA e-cology v9 sql 注入
- POCe-bridge-saveyzjfile-file-read: 泛微OA E-Bridge saveYZJFile 任意文件读取
- POCecology-arbitrary-file-upload: 泛微OA e-cology V9前台任意上传漏洞
- POCe-cology-e-office-officeserver-file-read: 泛微OA E-Office officeserver.php 任意文件读取漏洞
- POCe-cology-filedownload-directory-traversal: 泛微OA e-cology 文件下载目录遍历
- POCe-cology-getsqldata-sql-inject: 泛微OA E-Cology getSqlData SQL注入漏洞