CVE-2019-9759

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0410%

EPSS Percentile11.60th

Published2019年4月2日

Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in TONGDA Office Anywhere 10.18.190121. There is a SQL Injection vulnerability via the general/approve_center/list/input_form/work_handle.php run_id parameter.

Affected Platforms (CPE)

📦

Tongda2000

Office Anywhere

= 10.18.190121

References & Advisories

🔗 http://expzh.com/TONGDA-OA-SQL-Injection.pdf

相关漏洞威胁

CVE-2019-760910.0

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with acce...

CVE-2019-1068610.0

An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port ...

CVE-2019-623510.0

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12...

CVE-2019-1215310.0

Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access netw...