12 matches found
CVE-2024-7327 Xinhu RockOA openmodhetongAction.php dataAction sql injection
A vulnerability classified as critical was found in Xinhu RockOA 2.6.2. This vulnerability affects the function dataAction of the file /webmain/task/openapi/openmodhetongAction.php. The manipulation of the argument nickName leads to sql injection. The attack can be initiated remotely. The exploit...
CVE-2024-7327 Xinhu RockOA openmodhetongAction.php dataAction sql injection
A vulnerability classified as critical was found in Xinhu RockOA 2.6.2. This vulnerability affects the function dataAction of the file /webmain/task/openapi/openmodhetongAction.php. The manipulation of the argument nickName leads to sql injection. The attack can be initiated remotely. The exploit...
Xinhu RockOA SQL注入漏洞
Xinhu RockOA is an office OA system of China Xinhu Company. A SQL injection vulnerability exists in Xinhu RockOA version 2.6.2, which originates from the parameter nickName in the function dataAction /webmain/task/openapi/openmodhetongAction.php, which can lead to SQL injection...
PT-2024-38269 · Unknown · Xinhu Rockoa
Name of the Vulnerable Software and Affected Versions: Xinhu RockOA version 2.6.2 Description: A critical issue was found in the function dataAction of the file /webmain/task/openapi/openmodhetongAction.php. The manipulation of the argument nickName leads to sql injection. The attack can be...
CVE-2020-20975
In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter...
FeiFeiCms 路径遍历漏洞
FeiFeiCMS is an open source PHP video on demand system . FeiFeiCMS version 4.0 has a path traversal vulnerability that can be exploited to delete arbitrary files by sending a specially crafted HTTP request to the Admin/DataAction.class.php component...
Gxlcms SQL Injection Vulnerability (CNVD-2018-21608)
Gxlcms is an enterprise website creation system. A SQL injection vulnerability exists in the \lib\admin\action\dataaction.class.php file in Gxlcms version 2.0. A remote attacker can exploit this vulnerability by executing arbitrary SQL commands with the 'ids' parameter...
Code Execution Vulnerability in Gxlcms News System DataAction.class.php
Gxlcms News System is a news cms content management system developed in php+mysql. A code execution vulnerability exists in DataAction.class.php of Gxlcms News System. An attacker can exploit the vulnerability to obtain a webshell...
Directory traversal
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request...
Arbitrary File Read Vulnerability in GxlcmsQY System
GxlcmsQY system is a simple program tailored for business users. GxlcmsQY System\Lib\Lib\Action\Admin\DataAction.class.php contains an arbitrary file reading vulnerability. An attacker can exploit the vulnerability to read arbitrary files and obtain sensitive information...
Pan micro-oa system /ServiceAction/com. eweaver. base. DataAction? sql leaked all account passwords including the administrator without logging in
No description provided by source...
SQL Injection Vulnerability in Panmicro e-Weaver System
e-Weaver system is a Panmicro OA office software. A SQL injection vulnerability exists in the e-Weaver System/ServiceAction/com.eweaver.base.DataAction page of Panmicro, which can be exploited in a comprehensive manner to allow an attacker to obtain sensitive information about the database...