Skip to content

Commit 2b0ee58

Browse files
committed
add: AVE-2023-0115
1 parent 4c9fea2 commit 2b0ee58

1 file changed

Lines changed: 33 additions & 0 deletions

File tree

vulns/2023/AVE-2023-0115.toml

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
[basic]
2+
description = "宏景eHR人力资源管理软件存在SQL注入漏洞,未经过身份认证的远程攻击者可利用categories参数构造恶意SQL语句,执行任意SQL指令,从而窃取后端数据库中敏感信息,如用户凭证、人事数据等。"
3+
published = "2023-06-01"
4+
remediation = "升级宏景eHR至8.2或更高版本,联系厂商获取安全补丁。同时建议对categories参数实施严格的输入过滤和参数化查询,防止SQL注入攻击。"
5+
score = 9.8
6+
severity = "CRITICAL"
7+
sources = [
8+
"nuclei",
9+
"cnvd",
10+
]
11+
title = "宏景eHR人力资源管理系统SQL注入漏洞"
12+
updated = "2026-07-14"
13+
14+
[exploit]
15+
exp_urls = []
16+
poc_urls = []
17+
18+
[id]
19+
aliases = [
20+
"NUCLEI-HTTP-CNVD-2023-CNVD-2023-08743-YAML",
21+
"CNVD-2023-08743",
22+
]
23+
ave_id = "AVE-2023-0115"
24+
25+
[meta]
26+
collected_at = "2026-07-14T21:39:51.265095406+00:00"
27+
status = "completed"
28+
29+
[references]
30+
urls = [
31+
"https://blog.csdn.net/qq_41904294/article/details/130944159",
32+
"https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cnvd/2023/CNVD-2023-08743.yaml",
33+
]

0 commit comments

Comments
 (0)