CNNVD-202602-1122 Information

CNNVD ID

CNNVD-202602-1122

Related CVE

CVE-2020-37141

• CNNVD Published: 2026-02-07

Description (Chinese)

AMSS++是Amssplus的一个办公管理支持系统的工具。 AMSS++ 4.31版本存在SQL注入漏洞，该漏洞源于modules/mail/main/maildetail.php脚本中id参数存在SQL注入，可能导致攻击者访问或修改数据库内容。

Description (English)

AMSS++ is a tool for an office management support system in Amsplus. Version AMSS++ 4.31 has an injection loophole in SQL, which stems from the presence of SQL input of the id parameters in the mudules/mail/main/maildetail.php script, which may lead to the attackers accessing or modifying the contents of the database.

Hazard Level

Medium

Vulnerability Type

SQL注入

Affected Vendor

Amssplus

Published

2026-02-07

Last Modified

2026-02-24

References

https://www.exploit-db.com/exploits/48109 https://www.vulncheck.com/advisories/amss-v-id-sql-injection https://access.redhat.com/security/cve/cve-2020-37141