diff --git a/Weaver_E-office_flow_xml.php_file_SORT_ID_parameter_SQL_injection_vulnerability.md b/Weaver_E-office_flow_xml.php_file_SORT_ID_parameter_SQL_injection_vulnerability.md new file mode 100644 index 0000000..8323b65 --- /dev/null +++ b/Weaver_E-office_flow_xml.php_file_SORT_ID_parameter_SQL_injection_vulnerability.md @@ -0,0 +1,14 @@ + + +## Weaver E-office flow_xml.php file SORT_ID parameter SQL injection vulnerability + +| **Vulnerability** | Weaver E-office flow_xml.php file SORT_ID parameter SQL injection vulnerability | +| :----: | :-----| +| **Chinese name** | 泛微 E-office flow_xml.php 文件 SORT_ID 参数 SQL 注入漏洞 | +| **CVSS core** | 7.8 | +| **FOFA Query** (click to view the results directly)| [body="href=\"/eoffice" \|\| body="/eoffice10/client" \|\| body="eoffice_loading_tip" \|\| body="eoffice_init" \|\| header="general/login/index.php" \|\| banner="general/login/index.php" \|\| body="/general/login/view//images/updateLoad.gif" \|\| (body="szFeatures" && body="eoffice") \|\| header="eOffice" \|\| banner="eOffice"](https://en.fofa.info/result?qbase64=Ym9keT0iaHJlZj1cIi9lb2ZmaWNlIiB8fCBib2R5PSIvZW9mZmljZTEwL2NsaWVudCIgfHwgYm9keT0iZW9mZmljZV9sb2FkaW5nX3RpcCIgfHwgYm9keT0iZW9mZmljZV9pbml0IiB8fCBoZWFkZXI9ImdlbmVyYWwvbG9naW4vaW5kZXgucGhwIiB8fCBiYW5uZXI9ImdlbmVyYWwvbG9naW4vaW5kZXgucGhwIiB8fCBib2R5PSIvZ2VuZXJhbC9sb2dpbi92aWV3Ly9pbWFnZXMvdXBkYXRlTG9hZC5naWYiIHx8IChib2R5PSJzekZlYXR1cmVzIiAmJiBib2R5PSJlb2ZmaWNlIikgfHwgaGVhZGVyPSJlT2ZmaWNlIiB8fCBiYW5uZXI9ImVPZmZpY2Ui)| +| **Number of assets affected** | 21632 | +| **Description** | Weaver e-office is an OA product for small and medium-sized organizations, developed by Weaver Network Technology Co., LTD.There is an SQL injection vulnerability in flow_xml.php, which can be used by attackers to obtain information in the database (for example, administrator background password, site user personal information). | +| **Impact** | An attacker can exploit the SQL injection vulnerability to obtain information from the database (for example, administrator background passwords, site user personal information). | + +![](https://s3.bmp.ovh/imgs/2023/09/25/6a416f12923360a7.gif)