CVE-2023-6655 | Hongjing e-HR 2020 Login Interface loadhistroyorgtree parentid sql injection

Posted by Angelo Barbosa | Dec 9, 2023 | CVE

A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /w_selfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument parentid leads to sql injection.

This vulnerability is handled as CVE-2023-6655. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2023-6655 | Hongjing e-HR 2020 Login Interface loadhistroyorgtree parentid sql injection

Related Posts

CVE-2024-41270 | Gorush 1.18.4 RunHTTPServer certificate validation

CVE-2024-5589 | Netentsec NS-ASG Application Security Gateway 6.3 config_MT.php Mid sql injection

CVE-2023-6729 | Nokia 7250 IXR 24 SFTP/SCP access control

CVE-2024-41930 | Media Fusion MF Teacher Performance Management System 6 cross site scripting