ID
VAR-201706-1138
TITLE
SQL injection vulnerability in mode parameter of GetBoxyStatus.ashx file in ioffice OA system
Trust: 0.6
DESCRIPTION
Hongfan Computer Technology Co., Ltd. is a high-tech enterprise controlled by CSSC Marine and Defense Equipment Co., Ltd. (CSIC Defense), and is an important part of the state-level technology center. The ioffice OA system involves hospital, government, military, and group industries. There is a SQL injection vulnerability in the mode parameter of the GetBoxyStatus.ashx file in the ioffice OA system, which is caused by the failure to effectively filter the parameters submitted by the user. An attacker could use the vulnerability to access or modify database data.
Trust: 0.6
IOT TAXONOMY
| category: | ['IoT'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | hongfan computer | model: | ioffice oa system | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
PATCH
| title: | SQL Injection Vulnerability in Mode Parameter of GetBoxyStatus.ashx File in iOffice System | url: | https://www.cnvd.org.cn/patchinfo/show/93116 | Trust: 0.6 |
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2017-06131 | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2017-06131 |
LAST UPDATE DATE
2022-05-04T09:29:32.990000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2017-06131 | date: | 2017-05-10T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2017-06131 | date: | 2017-06-19T00:00:00 |