4 matches found
Arbitrary File Read Vulnerability in Ninth OA System
Ninth OA system is the OA system to install, implement, learn, operate and maintain. An arbitrary file read vulnerability exists in the Jiushi OA system. It allows attackers to exploit the vulnerability to obtain sensitive information. The vulnerable URL is:...
SQL Injection Vulnerability in the getInfo Interface Function of Jiusi OA System
Ninth OA system is the OA system to install, implement, learn, operate and maintain. A SQL injection vulnerability exists in the Ninth OA System. The lack of filtering of the 'getInfo' parameter allows an attacker to exploit the vulnerability to obtain sensitive information about the database...
SQL Injection Vulnerability in the activityId Parameter of Jus OA System
Ninth OA system is the OA system to install, implement, learn, operate and maintain. There is a SQL injection vulnerability in the activityId parameter of the Ninth OA system. When Action is toNextActivity is, the activityId parameter is filtered to directly splice SQL statements, resulting in SQ...
XXE Vulnerability in Ninth OA System
Ninth OA system is the OA system to install, implement, learn, operate and maintain. Ninth OA system DocumentBuilder db = ex.newDocumentBuilder; Document doc = db.parserequest.getInputStream; XXE vulnerability exists. An attacker can read arbitrary files on the server and obtain sensitive...