CVE-2021-22860 EIC e-document system - Broken Authentication

EIC e-document system does not perform completed identity verification for sorting and filtering personnel data. The vulnerability allows remote attacker to obtain users’ credential information without logging in the system, and further acquire the privileged permissions and execute arbitrary...

CVE-2021-22859

CVE-2021-22859 affects the EIC e-document system: the data querying function does not filter special characters, enabling SQL injection. The root cause is improper input filtering in the query path, allowing remote attackers to inject SQL syntax and execute arbitrary commands without privileges. ...

CVE-2021-22859 EIC e-document system - SQL Injection

The users’ data querying function of EIC e-document system does not filter the special characters which resulted in remote attackers can inject SQL syntax and execute arbitrary commands without privilege...

杰印资讯公司 Excellent Infotek Corporation EIC e-document system 授权问题漏洞

Excellent Infotek Corporation EIC e-document system is an application system of Excellent Infotek Corporation. EIC e-document system is an application system of Excellent Infotek Corporation. It provides precise, simple and standardized XML document forms to simplify the process of writing and...

Simple E-Document 1.31 - username SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Simple E-Document 1.31 - 'username' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.tecorange.com/index.php/download-free-open-source-software/79-simple-e-document-free-open-source-document-and-paper-m...

Simple E-Document 1.31 - 'username' SQL Injection

Exploit Title: Simple E-Document 1.31 - 'username' SQL Injection Dork: N/A Date: 2018-11-14 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.tecorange.com/index.php/download-free-open-source-software/79-simple-e-document-free-open-source-document-and-paper-m Software Link:...

Simple E-Document 1.31 - username SQL Injection

Simple E-Document 1.31 - username SQL Injection Exploit Title: Simple E-Document 1.31 - 'username' SQL Injection Dork: N/A Date: 2018-11-14 Exploit Author: Ihsan Sencan Vendor Homepage:...

Simple E-Document 1.31 SQL Injection

Exploit Title: Simple E-Document 1.31 - 'username' SQL Injection Dork: N/A Date: 2018-11-14 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.tecorange.com/index.php/download-free-open-source-software/79-simple-e-document-free-open-source-document-and-paper-m Software Link:...

CVE-2014-10020

SQL injection vulnerability in login.php in Simple e-document 1.31 allows remote attackers to execute arbitrary SQL commands via the username parameter...

Sql injection

SQL injection vulnerability in login.php in Simple e-document 1.31 allows remote attackers to execute arbitrary SQL commands via the username parameter...

CVE-2014-10020

CVE-2014-10020 describes an SQL injection in login.php of Simple e-document 1.31, exploitable by remote attackers via the username parameter. The affected component is the login routine; the underlying cause is improper input handling allowing arbitrary SQL execution. The NVD data assigns a CVSS ...

CVE-2014-10020

SQL injection vulnerability in login.php in Simple e-document 1.31 allows remote attackers to execute arbitrary SQL commands via the username parameter...

Simple e-document 1.31 - Login bypass

No description provided by source. + Exploit: Simple e-document v1.31 Login Bypass + Author: vinicius777 + Contact: vinicius777 AT gmail @vinicius777sec + version: Simple e-document v1.31 + Vendor Homepage: http://sourceforge.net/projects/simplee-doc/files/ 1 Sql Injection on username field PoC:...

Simple E-Document upload Remote Code Execution

A remote code execution vulnerability has been found in Simple E-Document. The vulnerability is due to the access cookie which could be abused to bypass authentication. A remote attacker can exploit this weakness to upload malicious PHP files which could result in arbitrary code execution in the...

Simple E-Document 1.31 /upload.php 文件上传漏洞

No description provided by source...

Simple E-Document‘upload.php’任意文件上传漏洞

Bugtraq ID:65175 Simple E-Document是TECOrange团队开发的一套专用于接收大量邮件的办公室、组织和个人文档管理系统。 Simple E-Document中存在任意文件上传漏洞，该漏洞源于程序没有充分过滤用户提交的输入。攻击者可利用该漏洞上传任意文件，导致在受影响应用程序上下文中执行任意代码。Simple E-Document 1.31版本中存在漏洞，其他版本也可能受到影响。 0 Simple E-Document 1.31 目前厂商暂无提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：...

Simple E-Document Arbitrary File Upload

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Simple E-Document Arbitrary File Upload", 'Description' = %q This module exploits a file upload vulnerability found in Simple...

Simple E-Document Arbitrary File Upload Exploit

This Metasploit module exploits a file upload vulnerability found in Simple E-Document versions 3.0 to 3.1. Attackers can bypass authentication and abuse the upload feature in order to upload malicious PHP files which results in arbitrary remote code execution as the web server user. File uploads...

Simple E-Document Arbitrary File Upload

This module exploits a file upload vulnerability found in Simple E-Document versions 3.0 to 3.1. Attackers can bypass authentication and abuse the upload feature in order to upload malicious PHP files which results in arbitrary remote code execution as the web server user. File uploads are disabl...

Simple E-Document 1.31 SQL Injection

Exploit: Simple e-document v1.31 Login Bypass + Author: vinicius777 + Contact: vinicius777 AT gmail @vinicius777sec + version: Simple e-document v1.31 + Vendor Homepage: http://sourceforge.net/projects/simplee-doc/files/ 1 Sql Injection on username field PoC: username=-4731' OR 2708=2708 Burp...