| Title | BeiJing Seeyon Internet Software Corp. Zhiyuan Interconnect FE Collaborative Office Platform security_addUser.jsp SQL Injection |
|---|---|
| Description | The FE Collaborative Office Platform developed by Beijing Zhiyuan Interconnect Software Co., Ltd. contains an SQL injection vulnerability in the /security/addUser.jsp interface. The input parameters are not properly filtered, allowing attackers to craft malicious requests that trigger the SQL injection vulnerability. Successfully exploiting this vulnerability can lead to the leakage of sensitive database information (such as user credentials and system configurations). Some verified affected systems have a database user with sa (system administrator) privileges, representing a high risk.<br>● Affected Product: Zhiyuan Interconnect FE Collaborative Office Platform (Note: Not the Feiqi Interconnect products).<br>● Verification Feature: Potentially affected assets can be identified by searching app="Zhiyuan Interconnect-FE" using network space mapping tools like Fofa.<br>Technical Details: The groupId parameter is not filtered, and attackers can inject characters (such as 1*) to trigger database errors or blind injections. |
| Source | ⚠️ https://github.com/CloudRoam7/CVE/blob/main/CVE_1.md |
| User | cloudroam (UID 81847) |
| Submission | 02/23/2025 05:48 AM (1 Year ago) |
| Moderation | 03/06/2025 09:46 AM (11 days later) |
| Status | Accepted |
| VulDB entry | 298772 [Seeyon Zhiyuan Interconnect FE Collaborative Office Platform /security/addUser.jsp sql injection] |
| Points | 20 |