GobyVuls/Glodon-Linkworks_GetUserByEmployeeCode_employeeCode_SQL_Injection_Vulnerability.md

## Glodon-Linkworks GetUserByEmployeeCode employeeCode SQL Injection Vulnerability

|   **Vulnerability**  | **Glodon-Linkworks GetUserByEmployeeCode employeeCode SQL Injection Vulnerability**  |
| :----:   | :-----|
| **Chinese name**  | 广联达-Linkworks 协同办公管理平台 GetUserByEmployeeCode 文件 employeeCode 参数 SQL注入漏洞 |
| **CVSS core**  | 7.5 |
| **FOFA Query**  (click to view the results directly)| [body="Services/Identification/login.ashx" \|\| header="Services/Identification/login.ashx" \|\| banner="Services/Identification/login.ashx"](https://en.fofa.info/result?qbase64=Ym9keT0iU2VydmljZXMvSWRlbnRpZmljYXRpb24vbG9naW4uYXNoeCIgfHwgaGVhZGVyPSJTZXJ2aWNlcy9JZGVudGlmaWNhdGlvbi9sb2dpbi5hc2h4IiB8fCBiYW5uZXI9IlNlcnZpY2VzL0lkZW50aWZpY2F0aW9uL2xvZ2luLmFzaHgi) |
| **Number of assets affected**  | 27341 |
| **Description**  | Glodon-Linkworks collaborative office management platform is a management system that focuses on the entire life cycle of engineering projects and provides customers with digital software and hardware products and solutions.Glodon-Linkworks collaborative office management platform GetUserByEmployeeCode has a SQL injection vulnerability, and attackers can obtain sensitive information such as usernames and passwords. |
| **Impact** | Glodon-Linkworks collaborative office management platform GetUserByEmployeeCode has a SQL injection vulnerability, and attackers can obtain sensitive information such as usernames and passwords. |

![](https://s3.bmp.ovh/imgs/2023/07/14/30159400f31ca801.gif)