漏洞描述
泛微e-office系统是标准、易用、快速部署上线的专业协同OA软件,国内协同OA办公领域领导品牌,致力于为企业用户提供专业OA办公系统、移动OA应用等协同OA整体解决方案。泛微content_-3.php存在SQL注入漏洞,黑客可以直接执行SQL语句,从而控制整个服务器:获取数据、修改数据、删除数据等
泛微e-office content_-3.php SQL注入漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2006-3392: Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure
- POC CVE-2011-3600: Apache OFBiz - XML External Entity Injection
- POC CVE-2015-8350: WordPress Calls to Action <=2.4.3 - Authenticated Reflected XSS
- POC CVE-2016-15043: WP Mobile Detector <= 3.5 - Unrestricted File Upload
- POC CVE-2017-11107: phpLDAPadmin <= 1.2.3 - Reflected XSS
- POC CVE-2019-11253: Kubernetes API Server - YAML Parsing DoS (Billion Laughs)
- POC CVE-2019-15823: WPS Hide Login <= 1.5.2.2 - Login Page Bypass
- POC CVE-2019-9082: ThinkPHP < 3.2.4 - Remote Code Execution
- POC CVE-2020-12832: WordPress Simple File List - Path Traversal
- POC CVE-2020-13125: Ultimate Addons for Elementor <= 1.24.1 - Registration Bypass
- POC CVE-2021-24213: GiveWP <= 2.9.7 - Cross-Site Scripting
- POC CVE-2021-3007: Laminas Project laminas-http - Remote Code Execution
- POC CVE-2021-33829: Drupal 7 CKEditor XSS