Hillstone Networks

RULE（RULE ID：338390）

Rule General Information


Release Date:		2024-09-03

Rule Name:		Tongxine eHR GetFlowDropDownListItems SQL Injection Vulnerability

Severity:

CVE ID:

Rule Protection Details


Description:		Tongxine eHR Human resource management system is a solution focused on enterprise human resource management, which provides a series of tools and functions to help enterprises optimize their human resource management process. The GetFlowDropDownListItems interface of Tongxine eHR human resource management system has SQL injection vulnerabilities. Malicious attackers can perform unauthorized database operations through this vulnerability, which may lead to security problems such as information leakage, database tampering or denial of service.

Impact:		An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully.

Affected OS:		Windows, Linux, Others

Reference:

Solutions

Please contact the software vendor to update the software patch.