VYPR
High severity7.5NVD Advisory· Published Apr 28, 2021· Updated Jun 17, 2026

CVE-2020-18019

CVE-2020-18019

Description

SQL Injection in Xinhu OA System v1.8.3 allows remote attackers to obtain sensitive information by injecting arbitrary commands into the "typeid" variable of the "createfolderAjax" function in the "mode_worcAction.php" component.

Affected products

2

Patches

Vulnerability mechanics

News mentions

0

No linked articles in our index yet.