Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Fengoffice Feng Office index.php sql injection
Vulnerability Description
A vulnerability was found in Fengoffice Feng Office 3.5.1.5 and classified as critical. Affected by this issue is some unknown functionality of the file /index.php?c=account&a=set_timezone. The manipulation of the argument tz_offset leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Feng Office 注入漏洞
Vulnerability Description
Feng Office(前称OpenGoo)是Feng Office团队的一套开源的网上办公系统。该系统提供任务管理、日程管理、文件管理以及Email收发等功能。 Feng Office 3.5.1.5版本存在注入漏洞,该漏洞源于文件/index.php中参数tz_offset的错误操作导致SQL注入。
CVSS Information
N/A
Vulnerability Type
N/A