IBOS is a collaborative office management system. A SQL injection vulnerability exists in IBOS OA version 4.5.5, which originates from the lack of validation of the parameter id in the component Add User Handler against externally entered SQL statements, and can be exploited by an attacker to execute illegal SQL commands to steal sensitive database data.
CPE | Name | Operator | Version |
---|---|---|---|
深圳市博思协创网络科技有限公司 ibos oa | eq | 4.5.5 |