Hongjing e-HR 2020 - SQLi (CVE-2023-6655)
158 exploiting IPs reported
A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /w_selfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument parentid leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247358 is the identifier assigned to this vulnerability.
CrowdSec analysis
CVE-2023-6655 is a vulnerability impacting the Hongjing e-HR platform that allows remote attackers to perform SQL injection on the login interface.
CrowdSec has been tracking this vulnerability and its exploits since the 10th of March 2025.
Insights from the CrowdSec network reveal that the attackers trying to exploit CVE-2023-6655 are composed of a fairly even mix of opportunistic and targeted actors. Some attackers employ preliminary reconnaissance, while others use indiscriminate scanning. Additionally, according to week-over-week analysis by CrowdSec, exploitation of CVE-2023-6655 is surging. Attack volumes are spiking well above historical norms, indicating widespread and escalating interest from threat actors. CVE-2023-6655 is currently experiencing high visibility and active exploitation across the internet.
Attack patterns are characterized by accesses to URLs starting with /w_selfservice/oauthservlet/%2e./.%2e/.
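The URL pattern above can be turned into a log check. The following is an added example, not CrowdSec's own detection rule: it flags requests whose path starts with the servlet prefix and then climbs out of it with `..` segments, and it generalizes beyond the exact `%2e./.%2e` form to any percent-encoded (including double-encoded) variant. The function names, the combined access-log format and the sample lines are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Servlet prefix from the attack pattern reported on the page.
PREFIX = "/w_selfservice/oauthservlet/"
# Common/combined access-log format (assumed): client IP first, request line in quotes.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*"')


def fully_decode(text, rounds=3):
    """Percent-decode repeatedly (bounded) so double encoding is also unwrapped."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def is_suspicious(target):
    """True if the request path leaves the servlet prefix through '..' segments."""
    path = target.split("?", 1)[0]  # only the path matters, not the query string
    if not path.lower().startswith(PREFIX):
        return False
    rest = fully_decode(path[len(PREFIX):]).replace("\\", "/")
    return ".." in rest.split("/")


def scan(lines):
    """Return {client_ip: hit_count} for log lines matching the pattern."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_suspicious(m.group(2)):
            hits[m.group(1)] += 1
    return dict(hits)


# Constructed sample log lines (documentation IP ranges, placeholder parameter value).
SAMPLE = [
    '203.0.113.7 - - [10/Mar/2025:10:00:00 +0000] "GET /w_selfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree?parentid=CONSTRUCTED HTTP/1.1" 404 0',
    '203.0.113.7 - - [10/Mar/2025:10:00:02 +0000] "POST /w_selfservice/oauthservlet/%2E./.%2E/general/inform/org/loadhistroyorgtree HTTP/1.1" 404 0',
    '198.51.100.9 - - [10/Mar/2025:10:01:00 +0000] "GET /w_selfservice/oauthservlet/login HTTP/1.1" 200 512',
    '192.0.2.44 - - [10/Mar/2025:10:02:00 +0000] "GET /index.html?next=/w_selfservice/oauthservlet/%2e./ HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for ip, count in scan(SAMPLE).items():
        print(ip, count)
```

Run against the raw request line as logged by the edge proxy or web server, since a component that normalizes paths before logging would hide the encoded dot segments.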
Exploitation
Get real-time information about exploitation attempts and actors involved.
Common Weakness Enumeration (CWE)
Protection
Find out relevant information to protect your stack against this CVE.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.