Create Weaver_E-office_flow_xml.php_file_SORT_ID_parameter_SQL_injection_vulnerability.md

Weaver_E-office_flow_xml.php_file_SORT_ID_parameter_SQL_injection_vulnerability.md

@@ -0,0 +1,14 @@
+
+
+## Weaver E-office flow_xml.php file SORT_ID parameter SQL injection vulnerability
+
+|   **Vulnerability**  | 	Weaver E-office flow_xml.php file SORT_ID parameter SQL injection vulnerability  |
+| :----:   | :-----|
+|  **Chinese name**  | 	泛微 E-office flow_xml.php 文件 SORT_ID 参数 SQL 注入漏洞 |
+| **CVSS core**  | 	7.8 |
+| **FOFA Query**  (click to view the results directly)| [body="href=\"/eoffice" \|\| body="/eoffice10/client" \|\| body="eoffice_loading_tip" \|\| body="eoffice_init" \|\| header="general/login/index.php" \|\| banner="general/login/index.php" \|\| body="/general/login/view//images/updateLoad.gif" \|\| (body="szFeatures" && body="eoffice") \|\| header="eOffice" \|\| banner="eOffice"](https://en.fofa.info/result?qbase64=Ym9keT0iaHJlZj1cIi9lb2ZmaWNlIiB8fCBib2R5PSIvZW9mZmljZTEwL2NsaWVudCIgfHwgYm9keT0iZW9mZmljZV9sb2FkaW5nX3RpcCIgfHwgYm9keT0iZW9mZmljZV9pbml0IiB8fCBoZWFkZXI9ImdlbmVyYWwvbG9naW4vaW5kZXgucGhwIiB8fCBiYW5uZXI9ImdlbmVyYWwvbG9naW4vaW5kZXgucGhwIiB8fCBib2R5PSIvZ2VuZXJhbC9sb2dpbi92aWV3Ly9pbWFnZXMvdXBkYXRlTG9hZC5naWYiIHx8IChib2R5PSJzekZlYXR1cmVzIiAmJiBib2R5PSJlb2ZmaWNlIikgfHwgaGVhZGVyPSJlT2ZmaWNlIiB8fCBiYW5uZXI9ImVPZmZpY2Ui)|
+| **Number of assets affected**  | 	21632 |
+| **Description**  | 	Weaver e-office is an OA product for small and medium-sized organizations, developed by Weaver Network Technology Co., LTD.There is an SQL injection vulnerability in flow_xml.php, which can be used by attackers to obtain information in the database (for example, administrator background password, site user personal information). |
+| **Impact** | 	An attacker can exploit the SQL injection vulnerability to obtain information from the database (for example, administrator background passwords, site user personal information). |
+
+![](https://s3.bmp.ovh/imgs/2023/09/25/6a416f12923360a7.gif)