Submission #848640: Hanwang Technology Co., Ltd. e-FacePass Integrated Management Platform V6.3.5.4 CWE-89 (Unauthenticated SQL Injection)

Title: Hanwang Technology Co., Ltd. e-FacePass Integrated Management Platform V6.3.5.4 CWE-89 (Unauthenticated SQL Injection)
Description: Hanwang Technology Hanwang e-FacePass Integrated Management Platform contains an unauthenticated SQL injection vulnerability in the /sysAuthStr/querySysAuthStr.do endpoint. The vulnerability exists in a publicly accessible, pre-authentication interface that fails to properly sanitize user-supplied input before incorporating it into backend SQL queries. A remote attacker can exploit this flaw without authentication to execute arbitrary SQL statements, potentially resulting in unauthorized access to sensitive database contents, information disclosure, and further compromise of the affected system.
Source: ⚠️ https://ucn9h68n9289.feishu.cn/docx/RWItdiw5Go02UsxHxgNcMWBqnJc?from=from_copylink
User: bigbrother_man (UID 96003)
Submission: 05/06/2026 04:35 AM (30 days ago)
Moderation: 04/07/2026 11:03 AM (29 days later)
Status: Accepted
VulDB Entry: 376320 [Hanwang e-Face General Management Platform 6.3.5.4 querySysAuthStr.do order SQL injection]
Points: 20
