File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ [basic ]
2+ description = " 泛微 e-cology 9 协同办公系统的 /mobile/plugin/browser.jsp 接口存在 SQL 注入漏洞。该系统由泛微为中大型组织打造,集知识管理、人力管理、客户管理、流程管理等功能于一体。由于对用户输入数据缺乏充分校验,未经身份认证的远程攻击者可通过向 keyword 参数传入经过三层 URL 编码的恶意 SQL 语句,利用 UNION 注入方式获取数据库中的敏感信息,包括数据库版本、用户凭证等。该漏洞影响 e-cology V9 系列中低于 10.56 的版本。"
3+ published = " 2023-04-06"
4+ remediation = " 升级至泛微 e-cology V10.56 或更高版本。官方安全补丁下载中心(https://www.weaver.com.cn/cs/securityDownload.asp)已提供适用于 E9 产品的全量安全补丁(当前最新 v10.80)及基于 v10.56 的增量安全补丁包。升级前请备份应用与数据库,按照官方升级操作说明进行部署;同时建议在 WAF 层对 /mobile/plugin/browser.jsp 接口的 keyword 参数设置严格的输入过滤规则,拦截 SQL 注入特征请求。"
5+ score = 7.5
6+ severity = " HIGH"
7+ sources = [" nuclei" ]
8+ title = " 泛微 e-cology 9 协同办公系统 SQL 注入漏洞"
9+ updated = " 2026-07-14"
10+
11+ [exploit ]
12+ exp_urls = []
13+ poc_urls = []
14+
15+ [id ]
16+ aliases = [" NUCLEI-HTTP-CNVD-2023-CNVD-2023-12632-YAML" ]
17+ ave_id = " AVE-2023-0116"
18+
19+ [meta ]
20+ collected_at = " 2026-07-14T22:06:45.944548366+00:00"
21+ status = " completed"
22+
23+ [references ]
24+ urls = [
25+ " https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cnvd/2023/CNVD-2023-12632.yaml" ,
26+ " https://blog.csdn.net/qq_50854662/article/details/129992329" ,
27+ " https://www.zhihu.com/tardis/zm/art/625931869?source_id=1003" ,
28+ " https://www.weaver.com.cn/cs/securityDownload.asp" ,
29+ ]
You can’t perform that action at this time.
0 commit comments