RSS   Podatności dla 'E-document system'   RSS

2021-06-16
 
CVE-2021-34683

CWE-200
 

 
An issue was discovered in EXCELLENT INFOTEK CORPORATION (EIC) E-document System 3.0. A remote attacker can use kw/auth/bbs/asp/get_user_email_info_bbs.asp to obtain the contact information (name and e-mail address) of everyone in the entire organization. This information can allow remote attackers to perform social engineering or brute force attacks against the system login page.

 
2021-03-17
 
CVE-2021-22860

CWE-287
 

 
EIC e-document system does not perform completed identity verification for sorting and filtering personnel data. The vulnerability allows remote attacker to obtain users�?? credential information without logging in the system, and further acquire the privileged permissions and execute arbitrary commends.

 
 
CVE-2021-22859

CWE-89
 

 
The users�?? data querying function of EIC e-document system does not filter the special characters which resulted in remote attackers can inject SQL syntax and execute arbitrary commands without privilege.

 


Copyright 2024, cxsecurity.com

 

Back to Top