CVE-2020-18019

Published: 2021-04-28T14:15Z

Last Modified: 2024-11-21T05:08Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

SQL Injection in Xinhu OA System v1.8.3 allows remote attackers to obtain sensitive information by injecting arbitrary commands into the "typeid" variable of the "createfolderAjax" function in the "mode_worcAction.php" component. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt