|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-05-10 | |
| Rule Name: | Weaver OA e-mobile 6.5 SQL Injection Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Weaver e-mobile is a mobile office product released by Shanghai Weaver Network Technology, based on the Android client. Versions of Weaver e-mobile 6.5 and earlier are susceptible to a SQL injection vulnerability. This vulnerability arises from the lack of validation for user input data on the front end. Attackers can exploit this vulnerability by crafting malicious data packets, leading to a SQL injection vulnerability and facilitating the unauthorized retrieval of sensitive data. | |
| Impact: | An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Refer to the announcement or patch by the vendor: https://www.weaver.com.cn/cs/security/edm20210412_awekoit80rexdzpecytrbgh.html |