CVE-2020-18019

HIGH

Xinhu OA System <1.8.3 - SQL Injection

Title source: llm
STIX 2.1

Description

SQL Injection in Xinhu OA System v1.8.3 allows remote attackers to obtain sensitive information by injecting arbitrary commands into the "typeid" variable of the "createfolderAjax" function in the "mode_worcAction.php" component.

References (1)

Core 1
Core References

Scores

CVSS v3 7.5
EPSS 0.0152
EPSS Percentile 71.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-89
Status published
Products (1)
xinfu/oa_system 1.8.3
Published Apr 28, 2021
Tracked Since Feb 18, 2026