| Titel | BeiJing Seeyon Internet Software Corp. Seeyon FE Collaborative Office Platform V5.5.2 SQL Injection |
|---|
| Beschreibung | SQL Injection Vulnerability in Seeyon FE Collaborative Office Platform /sysform/042/check.js%70 Endpoint
A SQL injection vulnerability exists in the FE Collaborative Office Platform developed by Beijing Seeyon Internet Software Corp. An attacker can exploit this vulnerability by crafting malicious requests to access sensitive information from the database. The affected system is the Seeyon FE platform (note: this is not a product of FeiQi Internet).
The vulnerability lies in the name parameter of the endpoint, which lacks proper input filtering. Attackers can inject malicious SQL payloads (e.g., 11';WAITFOR+DELAY+'0:0:2'--+-) to perform blind time-based SQL injection and extract sensitive database information. |
|---|
| Quelle | ⚠️ https://github.com/Angel12345623/CVE/blob/main/CVE_1.md |
|---|
| Benutzer | Angel (UID 83159) |
|---|
| Einreichung | 25.03.2025 06:52 (vor 1 Jahr) |
|---|
| Moderieren | 07.04.2025 12:13 (13 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 303647 [Seeyon Zhiyuan Interconnect FE Collaborative Office Platform /sysform/042/check.js%70 SQL Injection] |
|---|
| Punkte | 20 |
|---|