| Titel | Fujian Kelixun Communication Co., Ltd. Command and dispatch management platform v1.0 SQL Injection |
|---|
| Beschreibung | During the security review of the "Command and Dispatch Management Platform", I discovered a high-risk SQL injection vulnerability in the "/fax_view.php" file. The vulnerability stems from insufficient user input validation of the "uuid" parameter, allowing an attacker to inject malicious SQL commands. Ultimately, the attacker can gain unauthorized access to the victim's operating system. We need to take immediate remediation measures to ensure system security and protect data integrity. |
|---|
| Quelle | ⚠️ https://github.com/Qi-gy/cve/issues/1 |
|---|
| Benutzer | Qi777 (UID 84705) |
|---|
| Einreichung | 02.05.2025 05:21 (vor 1 Jahr) |
|---|
| Moderieren | 23.05.2025 08:26 (21 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 310084 [Fujian Kelixun 1.0 xml_cdr_details.php uuid SQL Injection] |
|---|
| Punkte | 20 |
|---|