|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-04-23 | |
| Rule Name: | EQCCD OA SQL Injection Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Full process cloud OA provides 26 functions for enterprises, including daily office management, document management, work requests, reports, archives, knowledge system, budget control, etc., with over 100 sub modules. Improper parameter filtering on the entire cloud office system/OA/PM/svc.asmx page results in an SQL injection vulnerability, which can be exploited by unauthorized attackers to obtain sensitive information in the database. | |
| Impact: | An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |