| 제목 | Hisense TransTech Hisense Smart Bus Management System 1.0 SQL Injection |
|---|
| 설명 | Hisense Smart Bus Enterprise Management System, developed by Hisense TransTech Co., Ltd., contains a SQL injection vulnerability. The vulnerability is located in the `key` parameter of the `YZSoft/Forms/XForm/BM/BusComManagement/TireMng.aspx` file. The system's backend code (specifically the `Page_Load` method) directly retrieves the user-supplied `key` parameter and assigns it to a `BusEntity` object, passing it to `AdminBLLFactory` for database query operations without effective validation or parameterization. An unauthenticated remote attacker can exploit this vulnerability by sending HTTP requests containing malicious SQL statements to obtain sensitive information from the database. |
|---|
| 원천 | ⚠️ https://github.com/master-abc/cve/issues/15 |
|---|
| 사용자 | jiefengliang (UID 93721) |
|---|
| 제출 | 2026. 01. 13. PM 03:22 (5 개월 ago) |
|---|
| 모더레이션 | 2026. 01. 26. PM 06:44 (13 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 342881 [Hisense TransTech Smart Bus Management System 까지 20260113 TireMng.aspx Page_Load key SQL 주입] |
|---|
| 포인트들 | 20 |
|---|