GobyVuls/SQL_injection_exists_on_Lotus_ERP_DictionaryEdit.aspx_pag.md
Goby 6ad1f2600c
Create SQL_injection_exists_on_Lotus_ERP_DictionaryEdit.aspx_pag.md
add SQL_injection_exists_on_Lotus_ERP_DictionaryEdit.aspx_pag
2023-05-12 18:17:45 +08:00

SQL injection exists on Lotus ERP DictionaryEdit.aspx page

| **Vulnerability** | **SQL injection exists on Lotus ERP DictionaryEdit.aspx page** |
| :----: | :----- |
| **Chinese name** | 商混ERP系统 DictionaryEdit.aspx 页面存在SQL注入 (Commercial concrete ERP system: SQL injection exists on the DictionaryEdit.aspx page) |
| **CVSS score** | 8.5 |
| **FOFA Query** | `title="商混ERP系统"` |
| **Number of assets affected** | 616 |
| **Description** | Hangzhou Lotus Software Co., Ltd. develops a commercial concrete ERP system. It is used mainly to manage the mixing stations of construction companies or individual projects, and includes a sales module, production management module, laboratory module, personnel management, and so on. An error-based SQL injection vulnerability exists in the dict_key parameter of /Sys/DictionaryEdit.aspx in this system, which allows attackers to obtain database permissions. |
| **Impact** | Besides using the SQL injection vulnerability to read information from the database (for example, the administrator back-end password or site users' personal information), an attacker whose database account has high privileges can write Trojan horses to the server and go on to obtain system permissions on it. |
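For operators of an affected instance, the following is an added log-triage example; it is not part of the advisory or of the vendor's code. It scans IIS W3C access logs for requests to `/Sys/DictionaryEdit.aspx` whose key parameter falls outside an identifier allow-list. The parameter name `dict_key` is read from the description above and, like the allow-list pattern, the logged field set and the sample log lines, is an assumption.

```python
import re
from urllib.parse import parse_qs, unquote_plus

TARGET_PATH = "/sys/dictionaryedit.aspx"   # page named in the advisory
PARAM = "dict_key"                         # assumption: parameter name
# Assumption: legitimate dictionary keys are short plain identifiers.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,64}")

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2023-05-12 10:00:01 192.0.2.10 GET /Sys/DictionaryEdit.aspx dict_key=unit_type 200
2023-05-12 10:00:07 198.51.100.7 GET /Sys/DictionaryEdit.aspx dict_key=1%27 500
2023-05-12 10:00:09 198.51.100.7 GET /sys/dictionaryedit.aspx DICT_KEY=a%2527%2Bb 500
2023-05-12 10:00:12 192.0.2.10 GET /Sys/Login.aspx - 200
""".splitlines()

def parse_w3c(lines):
    """Yield one dict per request, naming columns from the #Fields: header."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split(" ")
            if len(parts) == len(fields):
                yield dict(zip(fields, parts))

def suspicious_requests(lines):
    """Return (client_ip, status, decoded_value) for out-of-policy values."""
    hits = []
    for rec in parse_w3c(lines):
        if rec.get("cs-uri-stem", "").lower() != TARGET_PATH:
            continue                       # IIS paths are case-insensitive
        query = rec.get("cs-uri-query", "-")
        if query == "-":
            continue
        params = {k.lower(): v
                  for k, v in parse_qs(query, keep_blank_values=True).items()}
        for value in params.get(PARAM, []):
            decoded = unquote_plus(value)  # second pass catches double encoding
            if not SAFE_VALUE.fullmatch(decoded):
                hits.append((rec.get("c-ip"), rec.get("sc-status"), decoded))
    return hits

if __name__ == "__main__":
    for ip, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} status={status} {PARAM}={value!r}")
```

IIS does not log request bodies, so this only covers values sent in the query string; requests that carry the parameter in a POST body have to be reviewed in WAF or application logs.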