Details of VAR-201706-1112

ID

VAR-201706-1112

TITLE

SQL injection vulnerability exists in the WSLoginMobile.asmx? wsdl parameter of the iOffice system

Trust: 0.6

sources: CNVD: CNVD-2017-06431

DESCRIPTION

Hongfan iOffice system is based on Microsoft's .NET technology. It is a mobile information system based on portable terminals such as notebooks and mobile phones. There is a SQL injection vulnerability in the WSLoginMobile.asmx? wsdl parameter of the iOffice system. The vulnerability is caused by failure to effectively filter the data submitted by users, allowing attackers to use the vulnerability to obtain database sensitive information.

Trust: 0.6

sources: CNVD: CNVD-2017-06431

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-06431

AFFECTED PRODUCTS

vendor:

hongfan computer

model:

ioffice

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2017-06431

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2017-06431
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2017-06431
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2017-06431

PATCH

title:

iOffice system has SQL injection vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/93399

Trust: 0.6

sources: CNVD: CNVD-2017-06431

EXTERNAL IDS

db:

CNVD

id:

CNVD-2017-06431

Trust: 0.6

sources: CNVD: CNVD-2017-06431

SOURCES

db:

CNVD

id:

CNVD-2017-06431

LAST UPDATE DATE

2022-05-04T10:26:50.135000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2017-06431

date:

2017-05-15T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2017-06431

date:

2017-06-23T00:00:00