漏洞描述
通达OA是一款专业的协同办公自动化软件,为企业提供全面的办公管理解决方案。通达OA /general/system/seal_manage/iweboffice/delete_seal.php 接口存在SQL注入漏洞,攻击者可以通过构造恶意SQL语句,未经授权访问数据库,获取敏感信息,篡改数据或破坏数据库的完整性,可能导致企业核心数据泄露或业务中断。
通达OA v11.7 delete_cascade.php SQL 注入漏洞
PoC代码
暂无相关漏洞推荐
- tongda-v11-getdata-rce: 通达OA v11.9 getdata 任意命令执行漏洞
- POC CVE-2022-41441: ReQlogic v11.3 - Cross Site Scripting
- POC CVE-2024-55457: MasterSAM Star Gate v11 - Local File Inclusion
- POC tongda-insert-sql-inject-getshell: 通达OA v11.6 insert SQL注入漏洞
- POC tongda-oa-api-ali-upload: 通达OA v11.8 api.ali.php任意文件上传漏洞
- POC tongda-oa-logincode-any-user-login: 通达OA v11.5 login_code.php 任意用户登录
- POC tongda-report-bi-func-sql-inject: 通达OA v11.6 report_bi.func.php SQL注入漏洞
- POC tongda-swfupload-new-sql-inject: 通达OA v11.5 swfupload_new.php SQL注入漏洞
- POC tongda-v11-session-disclosure-login-bypass: 通达OA v11.5 logincheck_code.php 登陆绕过漏洞
- POC tongda-api-file-upload: Tongda OA v11.8 api.ali.php - Arbitrary File Upload
- POC tongda-getdata-rce: Tongda OA v11.9 getadata - Remote Code Execution
- POC tongda-getway-rfi: Tongda OA v11.8 getway.php - Remote File Inclution
- POC tongda-insert-sqli: Tongda OA v11.6 Insert Parameter - SQL Injection