VYPR

Xinhu OA System

by Xinhu OA System

CVEs (1)

  • CVE-2020-18019HigApr 28, 2021
    risk 0.49cvss 7.5epss 0.02

    SQL Injection in Xinhu OA System v1.8.3 allows remote attackers to obtain sensitive information by injecting arbitrary commands into the "typeid" variable of the "createfolderAjax" function in the "mode_worcAction.php" component.