| タイトル | BeiJing Seeyon Internet Software Corp. Seeyon FE Collaborative Office Platform V5.5.2 SQL Injection |
|---|
| 説明 | SQL Injection Vulnerability in Seeyon FE Collaborative Office Platform /sysform/042/check.js%70 Endpoint
A SQL injection vulnerability exists in the FE Collaborative Office Platform developed by Beijing Seeyon Internet Software Corp. An attacker can exploit this vulnerability by crafting malicious requests to access sensitive information from the database. The affected system is the Seeyon FE platform (note: this is not a product of FeiQi Internet).
The vulnerability lies in the name parameter of the endpoint, which lacks proper input filtering. Attackers can inject malicious SQL payloads (e.g., 11';WAITFOR+DELAY+'0:0:2'--+-) to perform blind time-based SQL injection and extract sensitive database information. |
|---|
| ソース | ⚠️ https://github.com/Angel12345623/CVE/blob/main/CVE_1.md |
|---|
| ユーザー | Angel (UID 83159) |
|---|
| 送信 | 2025年03月25日 06:52 (1 年 ago) |
|---|
| モデレーション | 2025年04月07日 12:13 (13 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 303647 [Seeyon Zhiyuan Interconnect FE Collaborative Office Platform /sysform/042/check.js%70 SQLインジェクション] |
|---|
| ポイント | 20 |
|---|