提交 #848640: Hanwang Technology Co., Ltd. e-FacePass Integrated Management Platform V6.3.5.4 CWE-89 (Unauthenticated SQL Injection)信息

标题Hanwang Technology Co., Ltd. e-FacePass Integrated Management Platform V6.3.5.4 CWE-89 (Unauthenticated SQL Injection)
描述Hanwang Technology Hanwang e-FacePass Integrated Management Platform contains an unauthenticated SQL injection vulnerability in the /sysAuthStr/querySysAuthStr.do endpoint. The vulnerability exists in a publicly accessible, pre-authentication interface that fails to properly sanitize user-supplied input before incorporating it into backend SQL queries. A remote attacker can exploit this flaw without authentication to execute arbitrary SQL statements, potentially resulting in unauthorized access to sensitive database contents, information disclosure, and further compromise of the affected system.
来源⚠️ https://ucn9h68n9289.feishu.cn/docx/RWItdiw5Go02UsxHxgNcMWBqnJc?from=from_copylink
用户
 bigbrother_man (UID 96003)
提交2026-06-05 04時35分 (1 月前)
管理2026-07-04 11時03分 (29 days later)
状态已接受
VulDB条目376320 [Hanwang e-Face General Management Platform 6.3.5.4 querySysAuthStr.do order SQL注入]
积分20

Might our Artificial Intelligence support you?

Check our Alexa App!