Lucene search

12 matches found

Vulnrichment
added 2024/07/31 10:0 p.m. · 7 views

CVE-2024-7327 Xinhu RockOA openmodhetongAction.php dataAction sql injection

A vulnerability classified as critical was found in Xinhu RockOA 2.6.2. This vulnerability affects the function dataAction of the file /webmain/task/openapi/openmodhetongAction.php. The manipulation of the argument nickName leads to sql injection. The attack can be initiated remotely. The exploit...

CVSS 6.5 · AI score 7.2 · EPSS 0.00095
Exploits 1 · References 4

Cvelist
added 2024/07/31 10:0 p.m. · 15 views

CVE-2024-7327 Xinhu RockOA openmodhetongAction.php dataAction sql injection

A vulnerability classified as critical was found in Xinhu RockOA 2.6.2. This vulnerability affects the function dataAction of the file /webmain/task/openapi/openmodhetongAction.php. The manipulation of the argument nickName leads to sql injection. The attack can be initiated remotely. The exploit...

CVSS 6.5 · EPSS 0.00095
Exploits 1 · References 4

Positive Technologies
added 2024/07/31 12:0 a.m. · 2 views

PT-2024-38269 · Unknown · Xinhu Rockoa

Name of the Vulnerable Software and Affected Versions: Xinhu RockOA version 2.6.2 Description: A critical issue was found in the function dataAction of the file /webmain/task/openapi/openmodhetongAction.php. The manipulation of the argument nickName leads to sql injection. The attack can be...

CVSS 8.8 · AI score 7 · EPSS 0.00095
Exploits 1 · References 8

CNNVD
added 2024/07/31 12:0 a.m. · 2 views

Xinhu RockOA SQL Injection Vulnerability

Xinhu RockOA is an office OA system of China Xinhu Company. A SQL injection vulnerability exists in Xinhu RockOA version 2.6.2. It originates from the parameter nickName in the function dataAction of /webmain/task/openapi/openmodhetongAction.php, which can lead to SQL injection...

CVSS 8.8 · AI score 7 · EPSS 0.00095
Exploits 1 · References 5

OSV
added 2021/08/12 3:15 p.m. · 2 views

CVE-2020-20975

In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter...

CVSS 9.8 · AI score 5.8 · EPSS 0.00264
Exploits 1 · References 1

CNNVD
added 2021/04/22 12:0 a.m. · 4 views

FeiFeiCms Path Traversal Vulnerability

FeiFeiCMS is an open source PHP video on demand system. FeiFeiCMS version 4.0 has a path traversal vulnerability that can be exploited to delete arbitrary files by sending a specially crafted HTTP request to the Admin/DataAction.class.php component...

CVSS 9.1 · AI score 5.8 · EPSS 0.11682
Exploits 1 · References 1

CNVD
added 2018/10/19 12:0 a.m. · 1 views

Gxlcms SQL Injection Vulnerability (CNVD-2018-21608)

Gxlcms is an enterprise website creation system. A SQL injection vulnerability exists in the \lib\admin\action\dataaction.class.php file in Gxlcms version 2.0. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands via the 'ids' parameter...

CVSS 9.8 · AI score 10 · EPSS 0.0025
Exploits 1 · References 1

CNVD
added 2018/04/09 12:0 a.m. · 1 views

Code Execution Vulnerability in Gxlcms News System DataAction.class.php

Gxlcms News System is a news cms content management system developed in php+mysql. A code execution vulnerability exists in DataAction.class.php of Gxlcms News System. An attacker can exploit the vulnerability to obtain a webshell...

AI score 7.5
Exploits 0

Prion
added 2018/04/08 2:29 a.m. · 10 views

Directory traversal

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request...

CVSS 6.4 · AI score 7.5 · EPSS 0.00425
Exploits 1 · References 1 · Affected Software 1

CNVD
added 2018/04/08 12:0 a.m. · 1 views

Arbitrary File Read Vulnerability in GxlcmsQY System

GxlcmsQY system is a simple program tailored for business users. GxlcmsQY System\Lib\Lib\Action\Admin\DataAction.class.php contains an arbitrary file reading vulnerability. An attacker can exploit the vulnerability to read arbitrary files and obtain sensitive information...

AI score 6.8
Exploits 0

seebug.org
added 2016/07/14 12:0 a.m. · 24 views

Panmicro OA system /ServiceAction/com.eweaver.base.DataAction?sql leaks all account passwords, including the administrator's, without logging in

No description provided by source...

AI score 7.1
Exploits 0

CNVD
added 2015/07/02 12:0 a.m. · 1 views

SQL Injection Vulnerability in Panmicro e-Weaver System

The e-Weaver system is a Panmicro OA office software. A SQL injection vulnerability exists in the /ServiceAction/com.eweaver.base.DataAction page of the Panmicro e-Weaver system, which can be exploited in a comprehensive manner to allow an attacker to obtain sensitive information about the database...

AI score 7.7
Exploits 0 · References 1