Отправить #494807: Hunan Zhonghe Baiyi Information Technology Co., Ltd. Baiyi Cloud Asset Management System /wuser/admin.house.collect.php SQL InjectionИнформация

НазваниеHunan Zhonghe Baiyi Information Technology Co., Ltd. Baiyi Cloud Asset Management System /wuser/admin.house.collect.php SQL Injection
ОписаниеThe /wuser/admin.house.collect.php interface in the Baiyi Cloud Asset Management System is vulnerable to SQL injection. Attackers can exploit this vulnerability by crafting malicious request parameters (project_id) to perform Time-Based Blind SQL Injection, bypassing security mechanisms and directly manipulating the database to access sensitive information (such as database names, table data, etc.). This vulnerability affects multiple asset instances and can be triggered without authentication. Sensitive Data Leakage: Attackers can steal business data, user information, system configurations, etc. Loss of System Control: Injection attacks may lead to full server compromise. Business Disruption Risk: Malicious injections can corrupt the database, causing service outages. Compliance Risks: Data breaches may violate privacy regulations (e.g., GDPR), leading to legal consequences.
Источник⚠️ https://github.com/stevenchen0x01/CVE/issues/2
Пользователь
 Steven_Dra3w (UID 76559)
Представление04.02.2025 14:04 (1 Год назад)
Модерация19.02.2025 07:33 (15 days later)
Статуспринято
Запись VulDB296237 [Baiyi Cloud Asset Management System до 20250204 admin.house.collect.php project_id SQL-инъекция]
Баллы20

ПредыдущийОбзорДалее

Do you know our Splunk app?

Download it now for free!