CVE-2023-6655 | Hongjing e-HR 2020 Login Interface loadhistroyorgtree parentid sql injection

Posted by Angelo Barbosa | Dec 9, 2023 | CVE

A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /w_selfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument parentid leads to sql injection.

This vulnerability is handled as CVE-2023-6655. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2023-6655 | Hongjing e-HR 2020 Login Interface loadhistroyorgtree parentid sql injection

Related Posts

CVE-2024-42625 | FrogCMS 0.9.5 /admin/ cross-site request forgery

CVE-2024-39275 | Advantech ADAM-5630 up to 2.5.1 persistent cookies containing sensitive information (icsa-24-270-02)

CVE-2024-3163 | Easy Property Listings Plugin up to 3.5.3 on WordPress cross-site request forgery

CVE-2024-29726 | SportsNET 4.0.1 /app/ax/setAsRead/ id sql injection