| Title | Zytec Central Authentication Service(融合门户) 3 Violation of Secure Design Principles |
|---|
| Description | Official website: https://www.zytec.cn/
Dalian Zhuoyun Technology Co., Ltd. was established in 2008 and is headquartered in the Dalian High-tech Industrial Park in Liaoning Province. It is a high-tech enterprise focused on the field of educational information technology.
The Dalian Zhuoyun Technology integration portal has a serious design flaw.
A Controller of this product has serious design flow, which allows unauthorized attackers to plan a remote attack.The harm it can directly cause includes but is not limited to:Remote command execution, SQL command execution, SSRF,Arbitrary File Read. |
|---|
| Source | ⚠️ http://x.x.x.x:38765/qwertyuiop/Vuldb/Zytec.html |
|---|
| User | BadKitty (UID 90804) |
|---|
| Submission | 10/09/2025 02:55 (6 months ago) |
|---|
| Moderation | 10/26/2025 06:55 (17 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 329938 [Zytec Dalian Zhuoyun Technology Central Authentication Service up to 20251009 /index.php/auth/widget _empty get.layer/get.widget/get.action code injection] |
|---|
| Points | 20 |
|---|