漏洞描述
【漏洞对象】通达OA系统 【漏洞描述】通达OA系统的/interface/auth.php文件user_id参数存在sql注入,可造成信息数据泄露,攻击者可利用该漏洞执行SQL指令,甚至入侵服务器。
通达OA auth.php user_id-SQL注入
PoC代码
暂无相关漏洞推荐
- Yealink T53 Phone /api/auth/login 默认口令漏洞
- POC 网神SecFox运维安全管理与审计系统 /3.0/authService/login 命令执行漏洞
- POC CVE-2019-17671: WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts
- POC CVE-2025-34299: Monsta FTP <= 2.11.2 - Unauthenticated Remote Code Execution
- POC unauth-munin: Munin Monitoring Dashboard - Exposure
- Ceph /api/auth 默认口令漏洞
- lsfusion /file/static/noauth 目录遍历漏洞(CVE-2025-13261)
- POC CVE-2020-11732: Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion
- POC CVE-2021-36888: WordPress Image Hover Ultimate - Unauthenticated Settings Update
- POC CVE-2021-4449: ZoomSounds Plugin - Unauthenticated Arbitrary File Upload
- POC CVE-2021-4462: Employee Records System 1.0 - Unauthenticated File Upload RCE
- POC CVE-2022-28666: Custom Product Tabs for WooCommerce < 1.7.8 - Unauthenticated Toggle Content Setting Update
- POC CVE-2022-33198: WordPress Accordions - Unauthenticated Settings Update