VYPR

Oa

by Cnoa

CVEs (51)

  • CVE-2023-3826Jul 22, 2023
    risk 0.00cvss epss 0.01

    A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /?r=recruit/resume/edit&op=status of the component Interview Handler. The manipulation of the argument resumeid leads to sql…

  • CVE-2023-3801Jul 20, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in IBOS OA 4.5.5. It has been declared as critical. Affected by this vulnerability is the function actionEdit of the file ?r=officialdoc/officialdoc/edit of the component Mobile Notification Handler. The manipulation leads to sql injection. The exploit…

  • CVE-2023-3799Jul 20, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in IBOS OA 4.5.5 and classified as critical. This issue affects some unknown processing of the file ?r=article/category/del of the component Delete Category Handler. The manipulation leads to sql injection. The attack may be initiated remotely. The…

  • CVE-2023-3791Jul 20, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in IBOS OA 4.5.5 and classified as critical. Affected by this issue is the function actionExport of the file ?r=contact/default/export of the component Personal Office Address Book. The manipulation leads to sql injection. The attack may be launched…

  • CVE-2023-3621Jul 11, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in IBOS OA 4.5.5. It has been classified as critical. Affected is the function createDeleteCommand of the file ?r=article/default/delete of the component Delete Packet. The manipulation leads to sql injection. It is possible to launch the attack…

  • CVE-2023-3478Jun 30, 2023
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in IBOS OA 4.5.5. Affected by this vulnerability is the function actionEdit of the file ?r=dashboard/roleadmin/edit&op=member of the component Add User Handler. The manipulation of the argument id leads to sql injection. The…

  • CVE-2023-2799May 18, 2023
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as problematic, has been found in cnoa OA up to 5.1.1.5. Affected by this issue is some unknown functionality of the file /index.php?app=main&func=passport&action=login. The manipulation leads to use of hard-coded password. The exploit has…

  • CVE-2023-2765May 17, 2023
    risk 0.00cvss epss 0.02

    A vulnerability has been found in Weaver OA up to 9.5 and classified as problematic. This vulnerability affects unknown code of the file /E-mobile/App/System/File/downfile.php. The manipulation of the argument url leads to absolute path traversal. The attack can be initiated…

  • CVE-2023-2738May 16, 2023
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in Tongda OA 11.10. This affects the function actionGetdata of the file GatewayController.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to…

  • CVE-2022-3467Oct 12, 2022
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical was found in Jiusi OA. Affected by this vulnerability is an unknown functionality of the file /jsoa/hntdCustomDesktopActionContent. The manipulation of the argument inforid leads to sql injection. The exploit has been disclosed to the…

  • CVE-2019-16133Sep 9, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the account names and passwords of all employees in the company can be obtained by an ordinary account. Specifically, the attacker sends a jsessionid value for URIs under…

Page 3 of 3