12 matches found
EUVD-2023-58877
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2023-6655
A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /wselfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the...
CVE-2023-6655
A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /wselfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument...
CVE-2023-6655
A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /wselfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument...
SQL injection
A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /wselfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument...
CVE-2023-6655 Hongjing e-HR Login Interface loadhistroyorgtree sql injection
A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /wselfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument...
CVE-2023-6655
CVE-2023-6655 affects Hongjing e-HR 2020. The vulnerability resides in the Login Interface, specifically the file path …/loadhistroyorgtree, where manipulating the parameter parentid leads to a SQL injection. The issue is described as exploitable remotely and publicly disclosed (VDB-247358). Som...
CVE-2023-6655 Hongjing e-HR Login Interface loadhistroyorgtree sql injection
A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /wselfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument...
Yonyou NC Human Resources Management (e-HR) /hrss/rm/PositionDetail.jsp SQL injection vulnerability
No description provided by source...
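Yonyou Human Resources Management software: XXE vulnerability in all versions
Brief description: XXE vulnerability in all versions of Yonyou Human Resources Management software. Details: i - Vulnerability description: When handling login and password reset, e-hr uses XML to pass the username, password and verification code to the back end for parsing, and the back end does not strictly validate the incoming XML, so a crafted malicious XML file can be passed in to view files and perform SSRF. My previous submission was not accepted and was said to duplicate an injection issue; perhaps my last submission was not detailed enough, so either way I ask the vulnerability reviewers to consider this vulnerability carefully once more. Thanks. ii - Proof of vulnerability: Search google/baidu for inurl:/hrss/login.jsp. The demonstration uses ehr.mc2.cn from the search results; of the others, some are rather sensitive and some have firewalls. Home page as displayed: Login packet capture: POST...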
Yonyou e-HR /hrss/rm/ResetPwd.jsp SQL injection vulnerability
No description provided by source...
Yonyou Human Resources Management (e-HR) SQL injection vulnerability
Brief description: ----------------------------------- Just saying something. Details: The PKEMPTYJOB parameter in the /hrss/rm/PositionDetail.jsp file has a SQL injection vulnerability. Just throw it into SQLMAP and run: http://219.140.193.253/hrss/rm/PositionDetail.jsp?PKEMPTYJOB=1001A11000000000G9WA& GET parameter 'PKEMPTYJOB' is vulnerable. Do you want to keep testing the others if any? y/N N...