13 matches found
CVE-2025-13249
A security vulnerability has been detected in Jiusi OA up to 20251102. This affects an unknown function of the file /OfficeServer?isAjaxDownloadTemplate=false of the component OfficeServer Interface. Such manipulation of the argument FileData leads to unrestricted upload. The attack can be launch...
EUVD-2025-197726
A security vulnerability has been detected in Jiusi OA up to 20251102. This affects an unknown function of the file /OfficeServer?isAjaxDownloadTemplate=false of the component OfficeServer Interface. Such manipulation of the argument FileData leads to unrestricted upload. The attack can be launch...
CVE-2025-13249
A security vulnerability has been detected in Jiusi OA up to 20251102. This affects an unknown function of the file /OfficeServer?isAjaxDownloadTemplate=false of the component OfficeServer Interface. Such manipulation of the argument FileData leads to unrestricted upload. The attack can be launch...
CVE-2025-13249 Jiusi OA OfficeServer unrestricted upload
A security vulnerability has been detected in Jiusi OA up to 20251102. This affects an unknown function of the file /OfficeServer?isAjaxDownloadTemplate=false of the component OfficeServer Interface. Such manipulation of the argument FileData leads to unrestricted upload. The attack can be launch...
CVE-2025-13249 Jiusi OA OfficeServer unrestricted upload
A security vulnerability has been detected in Jiusi OA up to 20251102. This affects an unknown function of the file /OfficeServer?isAjaxDownloadTemplate=false of the component OfficeServer Interface. Such manipulation of the argument FileData leads to unrestricted upload. The attack can be launch...
CVE-2025-13249
Jiusi OA fixes unrevealed function in OfficeServer Interface where manipulating FileData in /OfficeServer?isAjaxDownloadTemplate=false enables unrestricted upload. Affects Jiusi OA up to 20251102 and can be exploited remotely; exploit has been publicly disclosed. Remediation per sources is to upd...
EUVD-2022-42839
Malicious code in bioql PyPI...
CVE-2022-3467
A vulnerability classified as critical was found in Jiusi OA. Affected by this vulnerability is an unknown functionality of the file /jsoa/hntdCustomDesktopActionContent. The manipulation of the argument inforid leads to sql injection. The exploit has been disclosed to the public and may be used...
CVE-2022-3467
A vulnerability classified as critical was found in Jiusi OA. Affected by this vulnerability is an unknown functionality of the file /jsoa/hntdCustomDesktopActionContent. The manipulation of the argument inforid leads to sql injection. The exploit has been disclosed to the public and may be used...
SQL injection
A vulnerability classified as critical was found in Jiusi OA. Affected by this vulnerability is an unknown functionality of the file /jsoa/hntdCustomDesktopActionContent. The manipulation of the argument inforid leads to sql injection. The exploit has been disclosed to the public and may be used...
PT-2022-22282 · Jiusi Oa · Jiusi Oa
Name of the Vulnerable Software and Affected Versions: Jiusi OA (affected versions not specified). Description: A critical vulnerability was found in Jiusi OA, affecting an unknown functionality of the file /jsoa/hntdCustomDesktopActionContent. The manipulation of the inforid argument leads to SQL...
CVE-2022-3467 Jiusi OA hntdCustomDesktopActionContent sql injection
A vulnerability classified as critical was found in Jiusi OA. Affected by this vulnerability is an unknown functionality of the file /jsoa/hntdCustomDesktopActionContent. The manipulation of the argument inforid leads to sql injection. The exploit has been disclosed to the public and may be used...
CVE-2022-3467
CVE-2022-3467 affects Jiusi OA. SQL injection in /jsoa/hntdCustomDesktopActionContent via the inforid parameter (unknown functionality) with public exploit; CVSS v3.1 metrics show high impact (confidentiality/integrity/availability) and a base score of 9.8. No explicit remediation/version detai...