High severity7.5NVD Advisory· Published Apr 28, 2021· Updated Jun 17, 2026
CVE-2020-18019
CVE-2020-18019
Description
SQL Injection in Xinhu OA System v1.8.3 allows remote attackers to obtain sensitive information by injecting arbitrary commands into the "typeid" variable of the "createfolderAjax" function in the "mode_worcAction.php" component.
Affected products
2- Xinhu/OA Systemdescription
- Range: =1.8.3
Patches
Vulnerability mechanics
News mentions
0No linked articles in our index yet.