2 matches found
CVE-2020-18019
SQL Injection in Xinhu OA System v1.8.3 allows remote attackers to obtain sensitive information by injecting arbitrary commands into the "typeid" variable of the "createfolderAjax" function in the "modeworcAction.php" component...
CVE-2020-18019
CVE-2020-18019: Xinhu OA System v1.8.3 contains an SQL injection in the typeid parameter of the createfolderAjax function (mode_worcAction.php). The root cause is unvalidated input allowing arbitrary commands to be injected, leading to unauthorized access to sensitive information. Reported impact...