| शीर्षक | Shenzhen DAS INTELLITECH Co., Ltd. Parking Management System 6.2.0 SQL Injection |
|---|
| विवरण | A critical SQL injection vulnerability exists in the ParkingRecord/Search API endpoint of the "Parking Management System." This flaw is caused by a complete lack of authentication (Unauthorized Access) combined with improper sanitization of the Value parameter within the JSON request body.
A remote, unauthenticated attacker can exploit this vulnerability by submitting a specially crafted POST request to bypass access controls and extract sensitive data, including parking logs, owner details, and administrative credentials. Furthermore, depending on the database configuration, this vulnerability could be leveraged to execute arbitrary system commands, leading to complete server compromise and a total loss of confidentiality, integrity, and availability. |
|---|
| स्रोत | ⚠️ https://ucn9h68n9289.feishu.cn/wiki/IvjXwhgMUinqOckXHIQcrf2Nnjb?from=from_copylink |
|---|
| उपयोगकर्ता | bigbrother_man (UID 96003) |
|---|
| सबमिशन | 29/04/2026 04:48 AM (1 महीना पहले) |
|---|
| संयम | 26/05/2026 09:18 AM (27 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 365611 [Das Parking Management System 停车场管理系统 6.2.0 Search API Endpoint मूल्य SQL इंजेक्शन] |
|---|
| अंक | 20 |
|---|