Exploit for Command Injection in Tp-Link Archer_Ax21_Firmware CVE-2023-1389 CVE-2023-2523 CVE-2023-2648 CVE-2023-4166 CVE-2023-49442 CVE-2024-36104 CVE-2024-36401

Name: Exploit for Command Injection in Tp-Link Archer_Ax21_Firmware CVE-2023-1389 CVE-2023-2523 CVE-2023-2648 CVE-2023-4166 CVE-2023-49442 CVE-2024-36104 CVE-2024-36401
Rating: 5 (357 reviews)
2024-05-08 | CVSS 9.8
## https://sploitus.com/exploit?id=A45D2418-7F08-523D-ACA8-C9B6F086DA3A
# ntps

nuclei templates


## headless

* [bing-search](headless/bing-search.yaml)


## http-cves


### 2023

* [CVE-2023-1389](http/cves/2023/CVE-2023-1389.yaml)
* [CVE-2023-2523](http/cves/2023/CVE-2023-2523.yaml)
* [CVE-2023-2648](http/cves/2023/CVE-2023-2648.yaml)
* [CVE-2023-49442](http/cves/2023/CVE-2023-49442.yaml)


### 2024

* [CVE-2024-36104](http/cves/2024/CVE-2024-36104.yaml)
* [CVE-2024-36401](http/cves/2024/CVE-2024-36401.yaml)


## http-technologies

* [EHole Red Team Focused System Fingerprint Detection](http/technologies/hole-web-fingerprints.yaml)


## http-vulnerabilities


### ACE

* [anheng-gateway-rce-cnvd-2023-03898](http/vulnerabilities/anheng/anheng-gateway-rce-cnvd-2023-03898.yaml)
* :: [anheng-mingyu-xmlrpc-sock-ssrf](http/vulnerabilities/anheng/anheng-mingyu-xmlrpc-sock-ssrf.yaml)


### ChangJieTong

* [Changjet TPlus App_Code.ashx has a remote command execution vulnerability](http/vulnerabilities/changjet/changjet-tplus-ajaxpro-rce.yaml)
* [Changjet TPlus DownloadProxy.aspx Arbitrary File Read Vulnerability](http/vulnerabilities/changjet/changjet-tplus-downloadproxy-traversal.yaml)
* [Changjet TPlus KeyInfoList.aspx Existing SQL Injection Vulnerability](http/vulnerabilities/changjet/changjet-tplus-keyinfolist-sqli.yaml)
* [SQL Injection Vulnerability in TPlus KeyEdit.aspx](http/vulnerabilities/changjet/changjet-tplus-keyedit-sqli.yaml)


### ComfyUI

* [comfyui-lfi](http/vulnerabilities/comfyui/comfyui-lfi.yaml)


### Dahua

* [Dahua Intelligent Park Integrated Management Platform user_getUserInfoByUserName.action Account Password Disclosure Vulnerability](http/vulnerabilities/dahua/dahua-passowrd-disclosure.yaml)
* [Dahua Intelligent Park Integrated Management Platform File Upload Vulnerability](http/vulnerabilities/dahua/dahua-publishing-fileupload.yaml)
* [Dahua EIMS searchJson SQL Injection Vulnerability](http/vulnerabilities/dahua/dahua-searchJson-sqli.yaml)
* [Dahua EIMS-capture_handle interface remote command execution vulnerability](http/vulnerabilities/dahua/dahua-eims-capture-handle-rce.yaml)
* [Dahua Smart Park Integrated Management Platform clientServer Interface SQL Injection Vulnerability](http/vulnerabilities/dahua/dahua-smart-park-clientServer-sqli.yaml)
* [Dahua ICC Smart IoT Integrated Management Platform Existence Fastjson Vulnerability](http/vulnerabilities/dahua/dahua-icc-fastjson-rce.yaml)
* [Dahua ICC Any file read vulnerability](http/vulnerabilities/dahua/dahua-icc-readPic-lfi.yaml)


### BangYong

* [Arbitrary File Upload Vulnerability in ExcelIn.aspx of the Bangyong PM2 Project Management Platform System](http/vulnerabilities/ebsoft/ebsoft-pm2-excelin-file-upload.yaml)


### Puyuan

* [Puyuan EOS Platform eos.jmx remote code execution vulnerability](http/vulnerabilities/eos/eos-platform-eos-jmx-rce.yaml)


### Fang Tianyun

* [SQL Injection Vulnerability in GetCompanyItem of Fontaine Cloud Intelligent Platform System](http/vulnerabilities/fangdee/fangdee-getcompanyitem-sqli.yaml)


### SailSoft

* [FanSoft channel interface deserialization vulnerability](http/vulnerabilities/fanruan/fanruan-channel-deserialization.yaml)


### fastadmin

* [Arbitrary file read vulnerability in Fastadmin framework](http/vulnerabilities/fastadmin/fastadmin-framework-lfi.yaml)


### Flying Fish Star

* [Feiyuxing Internet Behavior Management System Enterprise Edition Frontend Remote Command Execution Vulnerability](http/vulnerabilities/feiyuxing/feiyuxing-multiple-service-gateway-rce.yaml)


### Feiyuxing

* [FE Enterprise Operation Management Platform ShowImageServlet Arbitrary File Read Vulnerability](http/vulnerabilities/flyrise/flyrise-fe-ShowImageServlet-fileread.yaml)
* [SQL Injection Vulnerability in ajax_codewidget39.jsp Interface of FE Enterprise Operation Management Platform](http/vulnerabilities/flyrise/flyrise-ajax-codewidget39-sqli.yaml)
* [SQL injection vulnerability in the checkGroupCode.js interface of the FE Enterprise Operations Management Platform](http/vulnerabilities/flyrise/flyrise-fe-checkgroupcode-sqli.yaml)
* [FE Enterprise Operations Management Platform uploadAttachmentServlet has an arbitrary file upload vulnerability](http/vulnerabilities/flyrise/flyrise-fe-uploadAttachmentServlet-uploadfile.yaml) )


### Quanta

* [Quanta OA linkworks GetIMDictionary interface suffers from an SQL injection vulnerability](http/vulnerabilities/glodon/glodon-linkworks-GetIMDictionary-sqli.yaml)
* [XML entity injection vulnerability in the Quanta OA interface ArchiveWebService](http/vulnerabilities/glodon/glodon-linkworks-ArchiveWebService-xxe.yaml)


### Kim Wanwei

* [RCE vulnerability in GNRemote.dll foreground of Jinwanwei CloudLink Application Access Platform](http/vulnerabilities/gnway/gnway-gnremote-rce.yaml)


### Gold Disk

* [goldlib-wechat-info-disclosure](http/vulnerabilities/goldlib/goldlib-wechat-info-disclosure.yaml)


### Xinhuanet

* [h3c-selfservice-flexfileupload-file-upload](http/vulnerabilities/h3c/h3c-selfservice-flexfileupload-fileupload.yaml)


### Handel

* [hand-srm-auth-bypass](http/vulnerabilities/hand/hand-srm-auth-bypass.yaml)


### Hikvision.

* [HiKVISION Integrated Security Management Platform env information disclosure vulnerability](http/vulnerabilities/hikvision/hikvision-env-disclosure.yaml)
* [Hikvision Integrated Security Management Platform Arbitrary File Read Vulnerability](http/vulnerabilities/hikvision/hikvision-iSecureCenter-fileread.yaml)
* [Hikvision Integrated Security Management Platform Arbitrary File Upload Vulnerability](http/vulnerabilities/hikvision/hikvision-iSecureCenter-fileupload.yaml)
* [HiKVISION Integrated Security Management Platform report Any file upload vulnerability](http/vulnerabilities/hikvision/hikvision-report-fileupload.yaml)
* [HiKVISION download arbitrary file read vulnerability](http/vulnerabilities/hikvision/hikvision-orgs-download-lfi.yaml)
* [HiKVISION Integrated Security Management Platform installation remote command execution](http/vulnerabilities/hikvision/hikvision-csmp-installation-rce.yaml)
* [HiKVISION applyAutoLoginTicket remote code execution vulnerability](http/vulnerabilities/hikvision/hikvision-csmp-deserialization.yaml)
* [HiKVISION productFile remote code execution](http/vulnerabilities/hikvision/hikvision-csmp-productfile-rce.yaml)


### Hikvision

* [Macroview eHR Arbitrary File Upload Vulnerability](http/vulnerabilities/hjsoft/hjsoft-hcm-arbitrary-file-fileupload.yaml)
* [Macroview DisplayExcelCustomReport Arbitrary File Read Vulnerability](http/vulnerabilities/hjsoft/hjsoft-hcm-DisplayExcelCustomReport-arbitrary-file-read.yaml)
* [SQL Injection Vulnerability in Macroview eHR HRM Software showmediainfo](http/vulnerabilities/hjsoft/hjsoft-ehr-showmediainfo-sqli.yaml)
* [Macroview HCM System fieldsettree Interface SQL Injection Vulnerability](http/vulnerabilities/hjsoft/hjsoft-hcm-fieldsettree-sqli.yaml)
* [Macroview eHR OutputCode Arbitrary File Read Vulnerability](http/vulnerabilities/hjsoft/hjsoft-eHR-outputcode-lfi.yaml)
* [Macroview eHR showmedia.jsp has SQL injection vulnerability](http/vulnerabilities/hjsoft/hjsoft-ehr-showmedia-sqli.yaml)
* [Macroview HCM pos_dept_post SQL Injection Vulnerability](http/vulnerabilities/hjsoft/hjsoft-hcm-pos-dept-post-sqli.yaml)
* [SQL Injection Vulnerability at Macroview HCM ajaxService Interface](http/vulnerabilities/hjsoft/hjsoft-eHR-system-sqli.yaml)
* [Macroview eHR DisplayFiles Arbitrary File Read Vulnerability](http/vulnerabilities/hjsoft/hjsoft-servlet-DisplayFiles-fileread.yaml)
* [Macroview eHR HRMS interface DownLoadCourseware has an arbitrary file read vulnerability](http/vulnerabilities/hjsoft/hjsoft-hcm-downloadcourseware-lfi.yaml)
* [Macroview eHR HRMS interface LoadOtherTreeServlet has SQL injection vulnerability](http/vulnerabilities/hjsoft/hjsoft-hcm-loadothertree-sqli.yaml)
* [Macroview eHR HRMS interface getSdutyTree has SQL injection vulnerability](http/vulnerabilities/hjsoft/hjsoft-hcm-getsdutytree-sqli.yaml)
* [Macroview eHR HRMS Interface loadtree SQL Injection Vulnerability](http/vulnerabilities/hjsoft/hjsoft-hcm-loadtree-sqli.yaml)


### Red Sail

* [hongfan-iorepsavexml-fileupload](http/vulnerabilities/hongfan/hongfan-iorepsavexml-fileupload.yaml)
* [hongfan-iodesktopdata-sqli](http/vulnerabilities/hongfan/hongfan-iodesktopdata-sqli.yaml)


### Huatest

* [huace-Config-infoLeak](http/vulnerabilities/huace/huace-Config-infoLeak.yaml)
* [huace-FileDownLoad-fileRead](http/vulnerabilities/huace/huace-FileDownLoad-fileRead.yaml)


### Huatian Power

* [Huatian Power OA system downloadWpsFile has an arbitrary file read vulnerability](http/vulnerabilities/huatian/huatian-oa-ntkodownload-lfi.yaml)
* [SQL Injection Vulnerability in WorkFlowService of Huatian Power OA System](http/vulnerabilities/huatian/huatian-oa-workFlowService-sqli.yaml)
* [Huatian Power OA system downloadWpsFile arbitrary file read vulnerability](http/vulnerabilities/huatian/huatian-oa-downloadwpsfile-lfi.yaml)


### Huatian

* [huawei-auth-http-server-fileread](http/vulnerabilities/huawei/huawei-auth-http-server-fileread.yaml)


### Wave

* [Wave GS Enterprise Management Software bizintegrationwebservice.asmx has a command execution vulnerability](http/vulnerabilities/inspur/inspur-gs-getchildformandentitylist-deserialization .yaml)
* [Wave GS Enterprise Management Software xtdysrv.asmx remote code execution vulnerability](http/vulnerabilities/inspur/inspur-gs-xtdysrv-rce.yaml)


### jeecg-boot

* [jeecg-boot-queryFieldBySql-sqli](http/vulnerabilities/jeecg-boot/jeecg-boot-queryFieldBySql-sqli.yaml)
* :: [jeecg-boot-ssti](http/vulnerabilities/jeecg-boot/jeecg-boot-ssti.yaml)


### jeewms

* [JEEWMS has a command execution vulnerability](http/vulnerabilities/jeewms/jeewms-dynamicDataSourceController-rce.yaml)
* [JEEWMS has a privilege bypass vulnerability](http/vulnerabilities/jeewms/jeewms-privilege-bypass.yaml)
* [JEEWMS has an unauthorized arbitrary file read vulnerability](http/vulnerabilities/jeewms/jeewms-lfi.yaml)


### Kim and

* [Jinhe OA C6 GetSqlData.aspx SQL Injection Vulnerability](http/vulnerabilities/jinhe/jinhe-oa-c6-getSqlData-sqli.yaml)
* [Jinhe OA C6 GetAttOut Interface SQL Injection Vulnerability](http/vulnerabilities/jinhe/jinhe-oa-cj6-getattout-sql-injection.yaml)
* [Jinhe OA C6 FileDownLoad.aspx Arbitrary File Read Vulnerability](http/vulnerabilities/jinhe/jinhe-oa-c6-filedownload-lfi.yaml)
* [Jinhe OA C6 download.jsp Any File Read Vulnerability](http/vulnerabilities/jinhe/jinhe-oa-c6-download-file-read.yaml)
* [Jinhe OA C6 UploadFileDownLoadnew Arbitrary File Read Vulnerability](http/vulnerabilities/jinhe/jinhe-oa-c6-uploadfiledownloadnew-fileread.yaml)
* [Jinhe OA C6 GeneralXmlhttpPage.aspx has a SQL injection vulnerability](http/vulnerabilities/jinhe/jinhe-oa-c6-generalxmlhttppage-sqli.yaml)


### Jinhe

* [Kingdee Cloud Starry CommonFileServer File Read Vulnerability](http/vulnerabilities/kingdee/kingdee-cloud-CommonFileserver-fileread.yaml)
* [Kingdee Cloud Starsky Deserialization Remote Command Execution Vulnerability](http/vulnerabilities/kingdee/kingdee-erp-binaryformatterproxy-deserialization.yaml)


### Koring

* [Koron AIO UtilServlet with arbitrary file read vulnerability](http/vulnerabilities/koron/koron-aio-file-read.yaml)
* [SQL injection vulnerability in the Koron AIO moffice interface](http/vulnerabilities/koron/koron-aio-moffice-sqli.yaml)


### Blue Ling

* [Unauthorized access vulnerability in the Lanling EKP system](http/vulnerabilities/landray/landray-EKP-behavior-uaa.yml)
* [SQL injection vulnerability in the rpt_listreport_definefield.aspx interface of the Landray EIS Intelligent Collaboration Platform](http/vulnerabilities/landray/landray-eis-rpt-listreport-definefield-sqli. yaml)
* [BlueLine KEP Frontend RCE Vulnerability](http/vulnerabilities/landray/landray-ekp-sysUiComponent-rce.yaml)


### Blue Ocean Excellence

* [lanhaizhuoyue-debug-rce](http/vulnerabilities/lanhaizhuoyue/lanhaizhuoyue-debug-rce.yaml)


### UNISoft

* [SQL injection vulnerability in the queryLinklnfo interface of the UnitedSoft Andu system](http/vulnerabilities/leagsoft/leagsoft-uninxg-querylinkinfo-sqli.yaml)


### livebos

* [livebos-showimage-fileread](http/vulnerabilities/livebos/livebos-showimage-fileread.yaml)


### MINGFIELD CMS

* [Mingsoft MCMS v5.2.9 There is SQL injection in the foreground query article list interface](http/vulnerabilities/mcms/mcms-list-do-sqli.yaml)


### Mingyuan Cloud

* [SQL Injection Vulnerability in Mingyuan Cloud ERP](http/vulnerabilities/mingyuanyun/mingyuanyun-erp-vistorweb-xmlhttp-sqli.yaml)


### Chi An Xin

* [qianxin-legendsec-SecGate-upload](http/vulnerabilities/qianxin/qianxin-legendsec-SecGate-upload.yaml)
* [qianxin-legendsec-vpn-auth-bypass](http/vulnerabilities/qianxin/qianxin-legendsec-vpn-auth-bypass.yaml)
* [qianxin-secgate3600-syshandupfile-upload-rce](http/vulnerabilities/qianxin/qianxin-secgate3600-syshandupfile-upload-rce.yaml)
* [qianxin-tianqing-info-disclosure](http/vulnerabilities/qianxin/qianxin-tianqing-info-disclosure.yaml)


### Contract locks

* [Arbitrary Command Execution Vulnerability in param/edits of the Contract Lock eSignature Platform](http/vulnerabilities/qiyuesuo/qiyuesuo-param-edits-rce.yaml)


### Enterprise WeChat

* [qywechat-secret-disclosure](http/vulnerabilities/qywechat/qywechat-secret-disclosure.yaml)


### Run dry

* [Arbitrary File Upload Vulnerability in Run Dry Reports dataSphereServlet Interface](http/vulnerabilities/raqsoft/raqsoft-dataSphereServlet-file-upload.yaml)
* [Arbitrary File Read Vulnerability in RunQian Reports dataSphereServlet Interface](http/vulnerabilities/raqsoft/raqsoft-dataSphereServlet-lfi.yaml)


### Ruiyou

* [Ruiyou Skywing Application Virtualization System SQL Injection Vulnerability](http/vulnerabilities/realor/realor-appdel-sqli.yaml)
* [Ruiyou Skywing Application Virtualization System SQL Injection to Remote Code Execution Vulnerability](http/vulnerabilities/realor/realor-appsave-sqli-rce.yaml)


### Riptide

* [RAGE UAC online_check.php Unauthorized Remote Code Command Execution Vulnerability](http/vulnerabilities/ruijie/ruijie-uac-remote-rce.yaml)
* [Ruijie Campus Self Service System login_judge.jsf Arbitrary File Read Vulnerability](http/vulnerabilities/ruijie/ruijie-campus-selfservice-login-judge-file-read.yaml)


### DeepService

* [sangfor-ad-login-rce](http/vulnerabilities/sangfor/sangfor-ad-login-rce.yaml)


### Ocean CMS

* [SeaCMS Ocean Cinema Management System dmku Existing SQL Injection Vulnerability](http/vulnerabilities/seacms/seacms-dmku-sqli.yaml)


### Zhiyuan

* [OA wpsAssistServlet file templateUrl parameter arbitrary file read vulnerability](http/vulnerabilities/seeyon/seeyon-oa-file-read.yaml)
* [Zhiyuan OA getAjaxDataServlet interface is vulnerable to any XXE vulnerability](http/vulnerabilities/seeyon/seeyon-oa-getAjaxDataServlet-xxe.yaml)
* [Zhiyuan OA M1Server userTokenService interface has a remote command execution vulnerability](http/vulnerabilities/seeyon/seeyon-oa-m1server-userTokenService-rce.yaml)
* [Zhiyuan OA ucpcLogin Login Bypass Vulnerability](http/vulnerabilities/seeyon/seeyon-oa-ucpcLogin-login-bypass.yaml)
* [Zhiyuan OA FanSoft Component ReportServer Directory Traversal Vulnerability](http/vulnerabilities/seeyon/seeyon-oa-reportserver-dir-traversal.yaml)
* [Zhiyuan Internet FE Collaboration Office Platform ncsubjass SQL Injection Vulnerability](http/vulnerabilities/seeyon/seeyon-fe-ncsubjass-sqli.yaml)
* [File Upload Bypass Vulnerability in OA Frontend fileUpload.do](http/vulnerabilities/seeyon/seeyon-oa-fileupload-bypass.yaml)
* [Zhiyuan Internet AnalyticsCloud AnalyticsCloud has an arbitrary file read vulnerability](http/vulnerabilities/seeyon/seeyon-analyticscloud-lfi.yaml)


### Timeless Wise Friends

* [Space and Time Zhiyou Enterprise Process Management System Login File Read Vulnerability](http/vulnerabilities/shikongzhiyou/shikongzhiyou-login_fileread.yaml)
* [Space-time Zhiyou Enterprise Process Management System uploadStudioFile File Upload Vulnerability](http/vulnerabilities/shikongzhiyou/shikongzhiyou-erp-uploadStudioFile-fileupload.yaml)


### smartbi

* [smartbi-windowunloading-rce](http/vulnerabilities/smartbi/smartbi-windowunloading-rce.yaml)


### SkyQuest

* [Arbitrary File Read Vulnerability in Multiple URLs of Tianwen Property ERP System](http/vulnerabilities/tianwen/tianwen-erp-lfi.yaml)


### Tongda

* [Tongda OA v11.8 api.ali.php Arbitrary File Upload Vulnerability](http/vulnerabilities/tongda/tongda-api-ali-fileupload.yaml)
* [Tongda OA delete_log Existing SQL Injection Vulnerability (CVE-2023-4166)](http/vulnerabilities/tongda/tongda-delete-seal-sqli.yaml)
* [Tongda OA privateUpload.php has a foreground arbitrary file upload vulnerability](http/vulnerabilities/tongda/tongda-oa-privateupload-file-upload.yaml)
* [Tongda OA v2017 action_upload.php arbitrary file upload vulnerability](http/vulnerabilities/tongda/tongda-oa-action-upload-file-upload.yaml)
* [Tongda OA go.php has an SQL injection vulnerability](http/vulnerabilities/tongda/tongda-oa-go-php-sqli.yaml)
* [Tongda OA get_file.php arbitrary file download vulnerability](http/vulnerabilities/tongda/tongda-oa-download-attachment-lfi.yaml)
* [SQL injection vulnerability in Tongda OA search_excel.php interface](http/vulnerabilities/tongda/tongda-oa-search-excel-sqli.yaml)
* [SQL injection vulnerability in Tongda OA use_finger.php interface](http/vulnerabilities/tongda/tongda-oa-use-finger-sqli.yaml)


### v-secure

* [v-secure-edr-login-sqli](http/vulnerabilities/v-secure/v-secure-edr-login-sqli.yaml)


### Enlightenment

* [QIC 4A Unified Security Management Platform getMater Information Leakage](http/vulnerabilities/venustech/venustech-4a-getMaster-disclosure.yaml)
* [Qixingchen Tianqing Hanma VPN download interface arbitrary file read](http/vulnerabilities/venustech/venustech-vpn-download-file-read.yaml)


### Wando

* [Wando OA smartUpload.jsp Arbitrary File Upload Vulnerability](http/vulnerabilities/wanhu/wanhu-smartUpload-fileupload.yaml)
* [Wando ezEIP success.aspx has a deserialization vulnerability](http/vulnerabilities/wanhu/wanhu-ezEIP-success-rce.yaml)
* [wanhu ezOFFICE download_ftp.jsp arbitrary file download vulnerability](http/vulnerabilities/wanhu/wanhu-ezoffice-download-ftp-file-read.yaml)
* [Wando ezOFFICE OA officeserver file upload vulnerability](http/vulnerabilities/wanhu/wanhu-ezoffice-officeserver-fileupload.yaml)


### Enterprise Manufacturing

* [wantit-erp-rce](http/vulnerabilities/wantit/wantit-erp-rce.yaml)


### Panmicro/ecology

* [Panavision OA E-Cology deleteUserRequestInfoByXml XXE vulnerability](http/vulnerabilities/weaver/ecology/ecology-deleteUserRequestInfoByXml-xxe.yaml)
* [Panavision OA E-cology filedownloadforoutdoc SQL injection vulnerability](http/vulnerabilities/weaver/ecology/ecology-filedownloadforoutdoc-sqli.yaml)
* [Panavision OA E-cology uploadFiles arbitrary file upload vulnerability](http/vulnerabilities/weaver/ecology/ecology-uploadFiles-temp-upload.yaml)
* [Pan-Micro OA E-cology ResourceServlet Any File Read Vulnerability](http/vulnerabilities/weaver/ecology/ecology-resourceservlet-lfi.yaml)
* [Pan-Micro OA E-Cology JqueryFileTree.jsp Directory Traversal Vulnerability](http/vulnerabilities/weaver/ecology/ecology-jqueryfiletree-directory-traversal.yaml)
* [Panavision OA E-Cology ln.FileDownload arbitrary file read vulnerability](http/vulnerabilities/weaver/ecology/ecology-ln-filedownload-file-read.yaml)
* [Panavision OA E-Cology KtreeUploadAction arbitrary file upload vulnerability](http/vulnerabilities/weaver/ecology/weaver-ecology-ktreeuploadaction-file-upload.yaml)
* [SSRF vulnerability in Panavision OA E-Cology interface getFileViewUrl](http/vulnerabilities/weaver/ecology/weaver-ecology-getfileviewurl-ssrf.yaml)
* [Panavision OA E-Cology Interface WorkflowServiceXml SQL Injection Vulnerability](http/vulnerabilities/weaver/ecology/weaver-ecology-workflowservicexml-sqli.yaml)
* [Panavision OA E-Cology v9 interface WorkPlanService foreground SQL injection vulnerability](http/vulnerabilities/weaver/ecology/ecology-v9-workplanservice-sqli.yaml)


### panmicro/emobile

* [Panmicro E-Mobile installOperate.do SSRF vulnerability](http/vulnerabilities/weaver/emobile/emobile-installOperate-ssrf.yaml)


### panmicro/eoffice

* [Panmicro E-office v10 interface leave_record.php has a SQL injection vulnerability](http/vulnerabilities/weaver/eoffice/eoffice-v10-leave-record-sqli.yaml)


### Rendezvous

* [Rendezvous CRM SmsDataList SQL Injection Vulnerability](http/vulnerabilities/wecrm/wecrm-SmsDataList-sqli.yaml)


### New Cape

* [xinkaipu-service.action-rCmd](http/vulnerabilities/xinkaipu/xinkaipu-service.action-rCmd.yaml)


### Yisetong

* [UploadFileFromClientServiceForClient arbitrary file upload vulnerability in Yisaitong electronic document security management system](http/vulnerabilities/yisaitong/yisaitong- UploadFileFromClientServiceForClient-fileUpload.yaml)
* [Yisaitong Electronic Document Security Management System dataimport remote code execution vulnerability](http/vulnerabilities/yisaitong/yisaitong-dataimport-rce.yaml)
* [Yisaitong Electronic Document Security Management System dlUltrasec Arbitrary File Read Vulnerability](http/vulnerabilities/yisaitong/yisaitong-dlUltrasec-fileread.yaml)
* [Yisaitong Electronic Document Security Management System UploadFileManagerService Arbitrary File Read Vulnerability](http/vulnerabilities/yisaitong/yisaitong-uploadfilemanager-lfi.yaml)
* [Yisaitong Electronic Document Security Management System downloadfromfile arbitrary file read vulnerability](http/vulnerabilities/yisaitong/yisaitong-downloadfromfile-lfi.yaml)
* [SQL injection vulnerability in the SaveCDGPermissionFromGFOA interface of Yisaitong's electronic document security management system](http/vulnerabilities/yisaitong/yisaitong-cdg-permission-sqli.yaml)
* [SQL Injection Vulnerability in NetSecConfigAjax Interface of Yisaitong Electronic Document Security Management System](http/vulnerabilities/yisaitong/yisaitong-netsec-sqli.yaml)
* [SQL Injection Vulnerability in NoticeAjax Interface of Yisaitong Electronic Document Security Management System](http/vulnerabilities/yisaitong/yisaitong-NoticeAjax-sqli.yaml)


### UFIDA

* [Arbitrary file upload vulnerability in the uploadfile.php interface of the UFIDA CRM system](http/vulnerabilities/yonyou/yonyou-crm-arbitrary-file-upload.yaml)
* [UFIDA CRM CRM import.php has an arbitrary file upload vulnerability](http/vulnerabilities/yonyou/yonyou-crm-import-file-upload.yaml)
* [Ufida FE Collaboration Office Platform templateOfTaohong_manager.jsp Directory Traversal Vulnerability](http/vulnerabilities/yonyou/yonyou-fe-templateOfTaohong_manager-traversal.yaml)
* [SQL Injection Vulnerability in UF GRP A Cloud Government Finance Cloud System Interface selectGlaDatasourcePreview](http/vulnerabilities/yonyou/yonyou-grp-cloud-selectGlaDatasourcePreview -sqli.yaml)
* [UFIDA KSOA PreviewKPQT Existing SQL Injection Vulnerability](http/vulnerabilities/yonyou/yonyou-ksoa-previewkpqt-sqli.yaml)
* [UFIDA KSOA Interface com.sksoft.bill.QueryService with SQL Injection Vulnerability](http/vulnerabilities/yonyou/yonyou-ksoa-queryservice-sqli.yaml)
* [UF NC Cloud interface blobRefClassSea has a deserialization vulnerability](http/vulnerabilities/yonyou/yonyou-ksoa-queryservice-sqli.yaml)
* [UF NC Cloud arbitrary file upload vulnerability](http/vulnerabilities/yonyou/yonyou-nc-cloud-rce.yaml)
* [UF NC complainbilldetail SQL injection vulnerability](http/vulnerabilities/yonyou/yonyou-nc-complainbilldetail-sqli.yaml)
* [UF NC bill SQL Injection Vulnerability](http/vulnerabilities/yonyou/yonyou-nc-down-bill-sqli.yaml)
* [UF NC downCourseWare arbitrary file read](http/vulnerabilities/yonyou/yonyou-nc-downcourseware-file-read.yaml)
* [UF NC downTax SQL Injection Vulnerability](http/vulnerabilities/yonyou/yonyou-nc-downtax-sqli.yaml)
* [SQL Injection Vulnerability in UF NC oacoSchedulerEvents Interface](http/vulnerabilities/yonyou/yonyou-nc-oacoSchedulerEvents-sqli.yaml)
* [SQL Injection Vulnerability in UF NC Interface PaWfm](http/vulnerabilities/yonyou/yonyou-nc-PaWfm-sqli.yaml)
* [UF NC registerServlet Interface JNDI Injection Vulnerability](http/vulnerabilities/yonyou/yonyou-nc-registerServlet-jndi-injection.yaml)
* [UF NC runStateServlet interface is vulnerable to SQL injection](http/vulnerabilities/yonyou/yonyou-nc-runStateServlet-sqli.yaml)
* [SQL Injection Vulnerability in UF NC warningDetailInfo Interface](http/vulnerabilities/yonyou/yonyou-nc-warningdetailinfo-sqli.yaml)
* [SQL Injection Vulnerability in UF NC workflowImageServlet Interface](http/vulnerabilities/yonyou/yonyou-nc-workflowImageServlet-sqli.yaml)
* [UFIDA NC wsncapplet information disclosure vulnerability](http/vulnerabilities/yonyou/yonyou-nc-wsncapplet-disclosure.yaml)
* [UFIDA U8 cloud api_hr SQL injection vulnerability](http/vulnerabilities/yonyou/yonyou-u8-cloud-api-hr-sqli.yaml)
* [UFIDA U8 Cloud ExportUfoFormatAction SQL Injection Vulnerability](http/vulnerabilities/yonyou/yonyou-u8-cloud-ExportUfoFormatAction-sqli.yaml)
* [SQL Injection Vulnerability in UFIDA U8 Cloud System Interface MeasQueryConditionFrameAction](http/vulnerabilities/yonyou/yonyou-u8-cloud-measquery-sqli.yaml)
* [UF U8 Cloud smartweb2.showRPCLoadingTip.d XXE Vulnerability](http/vulnerabilities/yonyou/yonyou-u8-cloud-showRPCLoadingTip-xxe.yaml)
* [UFIDA U8 Cloud System XChangeServlet Interface XXE Vulnerability](http/vulnerabilities/yonyou/yonyou-u8-cloud-xchangeservlet-xxe.yaml)
* [UF U8 Cloud RegisterServlet SQL Injection](http/vulnerabilities/yonyou/yonyou-u8-registerservlet-sqli.yaml)
* [UF U8 Arbitrary File Upload Vulnerability](http/vulnerabilities/yonyou/yonyou-u8-upload-fileupload.yaml)
* [UF GRP-U8 UploadFileData arbitrary file upload vulnerability](http/vulnerabilities/yonyou/yonyou-u8-UploadFileData-fileupload.yaml)
* [UFIDA NC U9 PatchFile.asmx Interface Arbitrary File Upload Vulnerability](http/vulnerabilities/yonyou/yonyou-u9-patchfile-upload.yaml)
* [Ufida NC U9 UMWebService.asmx Arbitrary File Read Vulnerability](http/vulnerabilities/yonyou/yonyou-u9-umwebservice-fileread.yaml)
* [SQL Injection Vulnerability in UFIDA NC System linkVoucher](http/vulnerabilities/yonyou/yonyou-ufida-nc-linkvoucher-sqli.yaml)
* [UFIDA NC pagesServlet with SQL injection](http/vulnerabilities/yonyou/yonyou-ufida-nc-pagesservlet-sqli.yaml)
* [SQL Injection Vulnerability in UFIDA NC System querygoodsgridbycode Interface](http/vulnerabilities/yonyou/yonyou-ufida-nc-querygoodsgridbycode-sqli.yaml)
* [UFIDA NC saveDoc.ajax file upload vulnerability](http/vulnerabilities/yonyou/yonyou-ufida-nc-savedoc-file-upload.yaml)
* [Ufida Mobile Management System uploadApk.do Arbitrary File Upload Vulnerability](http/vulnerabilities/yonyou/yonyou-uploadApk-fileupload.yaml)


### Zendo

* [Zentao Project Management System Authentication Bypass Vulnerability](http/vulnerabilities/zentao/zentao-zentaosid-auth-bypass.yaml)


# Disclaimer

1. Restrictions on use: The contents of this project are for technical study only, and are strictly prohibited from being used for any illegal or illicit behavior. By choosing to use this program, the user understands and agrees to assume all related responsibilities. The project maintainer is not responsible for any legal liability arising from the user's use of the contents of this project.

2. Privacy and content deletion request: If the content of the project involves your privacy rights and interests or the existence of content that you believe needs to be deleted, please clearly point out the specific documents and content by submitting the issue, and provide the corresponding supporting materials. You can also contact me by e-mail. Once verified, I will delete or appropriately handle the relevant content as soon as possible.

Using this program means you have read and agree to the above statement, thank you for your understanding and cooperation.