RULE(RULE ID:338126)

Rule General Information
Release Date: 2024-06-11
Rule Name: Hanzhi Employee Service Platform loginByPassword SQL Injection Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: The Hanzhi Employee Service Platform is a digital platform that provides comprehensive services for enterprise employees, aiming to enhance their work efficiency and satisfaction through various online tools and resources. There is an SQL injection vulnerability in the Hanzhi Employee Service Platform, which can lead to unauthorized data access, data leakage, and even system destruction, posing a serious threat to the enterprise's information security.
Impact: An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor to update the software patch.