Submit #502649: Hunan Zhonghe Baiyi Information Technology Co., Ltd. Baiyiyun Asset Management and Operations System /wuser/anyUserBoundHouse.php SQL Injection

Title: Hunan Zhonghe Baiyi Information Technology Co., Ltd. Baiyiyun Asset Management and Operations System /wuser/anyUserBoundHouse.php SQL Injection
Description: Hunan Zhonghe Baiyi Information Technology Co., Ltd. (referred to as Baiyiyun), founded in 2017, is a national high-tech enterprise dedicated to digital solutions in the real estate sector. The company provides comprehensive digital transformation services for residential, commercial, industrial, and public infrastructure sectors, aiming to enhance operational efficiency and reduce costs. The Baiyiyun Asset Management and Operations System was found to contain a SQL injection vulnerability in the /wuser/anyUserBoundHouse.php interface. Attackers can exploit this vulnerability by crafting malicious requests to inject SQL commands, bypassing normal query logic and directly manipulating the database. Successful exploitation may lead to sensitive data leakage (e.g., database names, user credentials) or even remote command execution and data tampering. Data Leakage: Attackers can exfiltrate sensitive data (e.g., user credentials, asset details). Privilege Escalation: Potential execution of system commands or file writes, leading to server compromise. Business Disruption: Data tampering or deletion may cause operational downtime and reputational damage.
Source: https://github.com/chichi24-ver/CVE/blob/main/CVE_1.md
User: chichi16 (UID 81605)
Submission: 17.02.2025 17:59 (1 year ago)
Moderation: 28.02.2025 20:57 (11 days later)
Status: Accepted
VulDB Entry: 298028 [Hunan Zhonghe Baiyi Information Technology Baiyiyun Asset Management and Operations System up to 20250217 anyUserBoundHouse.php huid SQL Injection]
Points: 20
