From a75adccc5ea1b382c013935d51ebd58e05cdaf40 Mon Sep 17 00:00:00 2001 From: Goby <50955360+gobysec@users.noreply.github.com> Date: Fri, 14 Jul 2023 11:29:33 +0800 Subject: [PATCH] Create Glodon-Linkworks_GetUserByEmployeeCode_employeeCode_SQL_Injection_Vulnerability.md add Glodon-Linkworks GetUserByEmployeeCode employeeCode SQL Injection Vulnerability --- ...eCode_employeeCode_SQL_Injection_Vulnerability.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 Glodon-Linkworks_GetUserByEmployeeCode_employeeCode_SQL_Injection_Vulnerability.md diff --git a/Glodon-Linkworks_GetUserByEmployeeCode_employeeCode_SQL_Injection_Vulnerability.md b/Glodon-Linkworks_GetUserByEmployeeCode_employeeCode_SQL_Injection_Vulnerability.md new file mode 100644 index 0000000..94f1dbd --- /dev/null +++ b/Glodon-Linkworks_GetUserByEmployeeCode_employeeCode_SQL_Injection_Vulnerability.md 
@@ -0,0 +1,12 @@ +## Glodon-Linkworks GetUserByEmployeeCode employeeCode SQL Injection Vulnerability + +| **Vulnerability** | **Glodon-Linkworks GetUserByEmployeeCode employeeCode SQL Injection Vulnerability** | +| :----: | :-----| +| **Chinese name** | 广联达-Linkworks 协同办公管理平台 GetUserByEmployeeCode 文件 employeeCode 参数 SQL注入漏洞 | +| **CVSS core** | 7.5 | +| **FOFA Query** (click to view the results directly)| [body="Services/Identification/login.ashx" \|\| header="Services/Identification/login.ashx" \|\| banner="Services/Identification/login.ashx"](https://en.fofa.info/result?qbase64=Ym9keT0iU2VydmljZXMvSWRlbnRpZmljYXRpb24vbG9naW4uYXNoeCIgfHwgaGVhZGVyPSJTZXJ2aWNlcy9JZGVudGlmaWNhdGlvbi9sb2dpbi5hc2h4IiB8fCBiYW5uZXI9IlNlcnZpY2VzL0lkZW50aWZpY2F0aW9uL2xvZ2luLmFzaHgi) | +| **Number of assets affected** | 27341 | +| **Description** | Glodon-Linkworks collaborative office management platform is a management system that focuses on the entire life cycle of engineering projects and provides customers with digital software and hardware products and solutions.Glodon-Linkworks collaborative office management platform GetUserByEmployeeCode has a SQL injection vulnerability, and attackers can obtain sensitive information such as usernames and passwords. | +| **Impact** | Glodon-Linkworks collaborative office management platform GetUserByEmployeeCode has a SQL injection vulnerability, and attackers can obtain sensitive information such as usernames and passwords. | + +![](https://s3.bmp.ovh/imgs/2023/07/14/30159400f31ca801.gif)
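Review bot: The added table's Description and Impact rows repeat the same sentence verbatim ("...has a SQL injection vulnerability, and attackers can obtain sensitive information such as usernames and passwords."), and no row names the affected versions, a vendor fix, or a mitigation. A reader cannot tell from this file whether their deployment is exposed or what to do about it. Suggest adding rows for affected versions and remediation, and keeping Impact to the consequence only. Smaller points in the same hunk: the row label `**CVSS core**` should read `**CVSS score**` and would be more useful with the vector string next to 7.5; the Description is missing a space after "solutions."; the asset count 27341 carries no as-of date or source query timestamp; and the trailing image has empty alt text (`![]`) and is loaded from a third-party host (s3.bmp.ovh), so consider committing it to the repository with a descriptive alt text so the advisory does not depend on an external link staying alive.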