Submeter #584259: https://www.fengoffice.com/ fengoffice 3.5.1.5 SQL Injectioninformação

Títulohttps://www.fengoffice.com/ fengoffice 3.5.1.5 SQL Injection
DescriçãoThe id_no_select parameter in FengOffice x.x.x.x is SQL injection.A single quote was submitted in the id_no_select parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. Additionally, the payload '+(select*from(select(sleep(20)))a)+' was submitted in the id_no_select parameter. The application took 21140 milliseconds to respond to the request, compared with 355 milliseconds for the original request, indicating that the injected SQL command caused a time delay.
Fonte⚠️ https://github.com/YZS17/CVE/blob/main/SQL/SQLi%20in%20fengoffice_3.5.1.5.md
Utilizador
 XU17 (UID 83703)
Submissão24/05/2025 17h20 (há 1 Ano)
Moderação01/06/2025 12h55 (8 days later)
EstadoAceite
Entrada VulDB310766 [Fengoffice Feng Office 3.5.1.5 index.php?c=account&a=set_timezone tz_offset Injeção SQL]
Pontos20

VoltarVisão GeralPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!