| शीर्षक | Ancoelectric Electric Co., Ltd. EEMS enterprise power operation and maintenance cloud platform 3000WEBV2 SQL Injection |
|---|
| विवरण | The sortparameter at the /SubstationWEBV2/app/..;/calc/getCalcmeterDetailDayListTreeendpoint is vulnerable to unauthorized SQL injection. An attacker can exploit this vulnerability without any authentication. In the code, the sortparameter is directly concatenated into the SQL statement, and the system executes the resulting query, leading to SQL injection. Successful exploitation allows an attacker to dump the database and obtain all stored data. |
|---|
| स्रोत | ⚠️ https://ucn9h68n9289.feishu.cn/wiki/NpZHw0lypi6ztJkWLNxcGKR5nlb?from=from_copylink |
|---|
| उपयोगकर्ता | bigbrother_man (UID 96003) |
|---|
| सबमिशन | 28/04/2026 03:15 AM (1 महीना पहले) |
|---|
| संयम | 25/05/2026 09:24 PM (28 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 365542 [Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform getCalcmeterDetailDayListTree SQL इंजेक्शन] |
|---|
| अंक | 20 |
|---|