|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-11-19 | |
| Rule Name: | Quanchengyun OA QCPES.asmx SQL Injection Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | SQL injection vulnerabilities exist in multiple instances of the Quanchengyun OA QCPES.asmx interface. In addition to using SQL injection vulnerabilities to obtain information in the database, unauthenticated remote attackers can write Trojans to the server with high privileges to further obtain server system privileges. | |
| Impact: | An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |