|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-06-11 | |
| Rule Name: | Hanzhi Employee Service Platform loginByPassword SQL Injection Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | The Hanzhi Employee Service Platform is a digital platform that provides comprehensive services for enterprise employees, aiming to enhance their work efficiency and satisfaction through various online tools and resources. There is an SQL injection vulnerability in the Hanzhi Employee Service Platform, which can lead to unauthorized data access, data leakage, and even system destruction, posing a serious threat to the enterprise's information security. | |
| Impact: | An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |