File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ [basic ]
2+ description = " 宏景eHR人力资源管理软件存在SQL注入漏洞,未经过身份认证的远程攻击者可利用categories参数构造恶意SQL语句,执行任意SQL指令,从而窃取后端数据库中敏感信息,如用户凭证、人事数据等。"
3+ published = " 2023-06-01"
4+ remediation = " 升级宏景eHR至8.2或更高版本,联系厂商获取安全补丁。同时建议对categories参数实施严格的输入过滤和参数化查询,防止SQL注入攻击。"
5+ score = 9.8
6+ severity = " CRITICAL"
7+ sources = [
8+ " nuclei" ,
9+ " cnvd" ,
10+ ]
11+ title = " 宏景eHR人力资源管理系统SQL注入漏洞"
12+ updated = " 2026-07-14"
13+
14+ [exploit ]
15+ exp_urls = []
16+ poc_urls = []
17+
18+ [id ]
19+ aliases = [
20+ " NUCLEI-HTTP-CNVD-2023-CNVD-2023-08743-YAML" ,
21+ " CNVD-2023-08743" ,
22+ ]
23+ ave_id = " AVE-2023-0115"
24+
25+ [meta ]
26+ collected_at = " 2026-07-14T21:39:51.265095406+00:00"
27+ status = " completed"
28+
29+ [references ]
30+ urls = [
31+ " https://blog.csdn.net/qq_41904294/article/details/130944159" ,
32+ " https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cnvd/2023/CNVD-2023-08743.yaml" ,
33+ ]
You can’t perform that action at this time.
0 commit comments