25 matches found
EUVD-2021-28757
Malicious code in bioql PyPI...
CVE-2021-41746
SQL Injection vulnerability exists in all versions of Yonyou TurboCRM via the orgcode parameter in changepswd.php. Attackers can use the vulnerabilities to obtain sensitive database information...
SQL injection
SQL Injection vulnerability exists in all versions of Yonyou TurboCRM via the orgcode parameter in changepswd.php. Attackers can use the vulnerabilities to obtain sensitive database information...
CVE-2021-41746
SQL Injection vulnerability exists in all versions of Yonyou TurboCRM via the orgcode parameter in changepswd.php. Attackers can use the vulnerabilities to obtain sensitive database information...
CVE-2021-41746
CVE-2021-41746 is a SQL injection vulnerability in all versions of Yonyou TurboCRM reachable via the orgcode parameter in changepswd.php. Attackers could use this to obtain sensitive database information. The Red Hat and CVE-tracking records confirm the same issue. The connected documents do not ...
Yonyou TurboCrm SQL Injection Vulnerability
Yonyou TurboCrm is a customer relationship management system from China's UFIDA Network Technology Yonyou. Yonyou TurboCRM suffers from a SQL injection vulnerability that allows an attacker to obtain sensitive database information via the orgcode parameter in changepswd.php...
Unauthorized Access Vulnerability in UFIDA TurboCRM
UFIDA TurboCRM is a customer relationship management system. An unauthorized access vulnerability exists in UFIDA TurboCRM. An attacker can exploit the vulnerability to obtain sensitive information...
SQL Injection Vulnerability in UFIDA TurboCRM
UFIDA TurboCRM is a customer relationship management system. UFIDA TurboCRM suffers from a SQL injection vulnerability that can be exploited by attackers to obtain sensitive information from the database...
Override Access Vulnerability in TurboCRM
TurboCRM Management System is a customer relationship management system. An override access vulnerability exists in TurboCRM, which can be exploited by an attacker to log in and access unauthorized pages...
Yonyou TurboCRM management system updateactivityemailnum.php SQL injection vulnerability
No description provided by source...
Yonyou TurboCRM management system /background/onlinemeetingstatus.php ID parameter SQL injection vulnerability
No description provided by source...
Yonyou TurboCRM management system /background/smsstatusreport.php ID parameter SQL injection vulnerability
No description provided by source...
Yonyou TurboCRM management system /background/sendsms.php ID parameter SQL injection vulnerability
No description provided by source...
Yonyou TurboCRM management system /login/forgetpswd.php loginname parameter SQL injection vulnerability
No description provided by source...
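Yonyou TurboCRM /ajax/getemaildata.php arbitrary file read vulnerability
Vulnerability information: The Yonyou TurboCRM customer relationship management system is an online CRM built on a B/S architecture, following the trend toward Internet-model applications, that provides small and medium-sized enterprises with applications including customer management, sales management and project management. Yonyou TurboCRM /ajax/getemaildata.php has an arbitrary file read vulnerability that leads to disclosure of sensitive information. Vulnerability analysis: The vulnerability is in /ajax/getemaildata.php, where the filePath parameter is not effectively filtered, so ../../ can be used to read arbitrary files without authorization. The following URL can be used to test reading system files:...
Yonyou TurboCRM management system swfupload.php arbitrary file upload vulnerability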
No description provided by source...
TurboCRM /pub/bgtaskreq.php SQL injection
No description provided by source...
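Yonyou CRM injection vulnerability (no login required, affects all versions)
Brief description: An injection vulnerability in a Yonyou system; no login required, affects all versions. Details: Yonyou TurboCRM has a generic SQL injection. http://crm.varsal.com.cn:8081/login/login.php Find the password-recovery page as shown in the figure below. Visit http://crm.varsal.com.cn:8081/login/changepswd.php?orgcode=1&loginname=system, enter the information and capture the request: POST /login/changepswd.php?orgcode=1&loginname=system HTTP/1.1 Host: crm.varsal.com.cn:8081...
Yonyou TurboCRM blind SQL injection (affects all versions)
Brief description: Yonyou has been productive lately; not sure whether this is a duplicate. Details: Vulnerable files: /background/recievesms.php /background/timeoutlogin.php $sql = "UPDATE tcbackgroundtask SET planstarttime=".tdbtodatebystring($timestr)." WHERE orgid=0 AND bgtaskid=".$ID; $gblDB->execute($sql); $sql = "SELECT bgserverip FROM tcbackgroundtask WHERE orgid=0 AND...
Yonyou TurboCRM time-based blind SQL injection (sa privileges)
Brief description: Dumping data is a bit slow, but the privileges are quite high. Details: The problem is in login/forgetpswd.php. Proof of vulnerability: Interface http://220.178.27.116:8001/login/forgetpswd.php?ClearS=1&loginname=1 Current database: turbocrm70 http://www.kdlian.com:8001/login/forgetpswd.php?ClearS=1&loginname=1 Current user: sa https://images.seebug.org/upload/201408/07000059107c8c789b448073eb205a3c...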