Submit #780377: 648540858 (GitHub) wvp-GB28181-pro master branch — commit to be confirmed (see repository for latest hash) SQL Injectioninfo

Title648540858 (GitHub) wvp-GB28181-pro master branch — commit to be confirmed (see repository for latest hash) SQL Injection
DescriptionA SQL injection vulnerability exists in the stream proxy list endpoint of wvp-GB28181-pro. The `query` parameter passed to `GET /api/proxy/list` is incorporated into a dynamically constructed SQL statement via direct string concatenation without parameterization. An authenticated attacker can inject arbitrary SQL to extract sensitive data from the database, including credentials.
Source⚠️ https://github.com/bybinyu/Vulnerability-Practice/issues/9
User
 binyu (UID 96262)
Submission03/15/2026 07:34 (4 months ago)
Moderation03/30/2026 21:01 (16 days later)
StatusDuplicate
VulDB entry352435 [648540858 wvp-GB28181-pro up to 2.7.4 Stream Proxy Query StreamProxyProvider.java selectAll sql injection]
Points0

Want to stay up to date on a daily basis?

Enable the mail alert feature now!