|
|||
Rule General Information |
---|
Release Date: | 2021-04-01 | |
Rule Name: | Zhiyuan OA test.jsp SQL Injection Vulnerability -2 | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | Zhiyuan Software is a Chinese collaborative management software developer and service provider focusing on the field of collaborative management software, integrating product development, market expansion, channel sales, and technical support. Zhiyuan OA test.jsp exists sql injection vulnerability, and remote attacker can write webshell to the server by injection. | |
Impact: | An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully. | |
Affected OS: | Windows, Linux, Others | |
Reference: | ||
Solutions |
---|
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product. |