轉發 台灣電腦網路危機處理暨協調中心 資安訊息警訊 TWCERTCC-200-202511-00000006
[內容說明]
【一等一科技|U-Office Force - SQL Injection】(CVE-2025-12864,CVSS:8.8) 已驗證之遠端攻擊者可注入任意SQL指令讀取、修改及刪除資料庫內容。
【一等一科技|U-Office Force - SQL Injection】(CVE-2025-12865,CVSS:8.8) 已驗證之遠端攻擊者可注入任意SQL指令讀取、修改及刪除資料庫內容。
[影響平台]
U-Office Force 29.50(不含)以前版本
[建議措施]
更新至29.50(含)以後版本
[參考資料]
1. https://www.twcert.org.tw/tw/cp-132-10488-2df22-1.html
Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202511-00000006
[Content Description]
【e-Excellence|U-Office Force - SQL Injection】(CVE-2025-12864, CVSS: 8.8) A verified remote attacker can inject arbitrary SQL commands to read, modify, and delete database contents.
【e-Excellence|U-Office Force - SQL Injection】(CVE-2025-12865, CVSS: 8.8) A verified remote attacker can inject arbitrary SQL commands to read, modify, and delete database contents.
[Affected Platforms]
U-Office Force versions prior to 29.50 (excluding 29.50)
[Recommended Action]
Update to version 29.50 (inclusive) or later
[References]
1. https://www.twcert.org.tw/tw/cp-132-10488-2df22-1.html
【資安漏洞預警】一等一科技|U-Office Force - 存在2個漏洞(CVE-2025-12864)(CVE-2025-12865)
[Security Vulnerability Alert] e-Excellence | U-Office Force - Contains 2 vulnerabilities (CVE-2025-12864)(CVE-2025-12865)
公告類別:行政公告
發佈日期:2025/11/13 至 2026/05/13
點閱數:41
相關附件
返回列表
