ID
VAR-201706-1116
TITLE
SQL injection vulnerability in multiple parameters of multiple files on Dahua Alarm Operations Management Platform equipment
Trust: 0.6
DESCRIPTION
Dahua Alarm Management Platform is a comprehensive system solution with alarm reception and processing as its core. Dahua alarm operation management platform equipment bean.recId parameter of attachment_clearTempFile.action file, bean.recId parameter of attachment_getAttList.action file, multiple parameters of caseHistory_search.action file, multiple parameters of maintenance_search.action file, A SQL injection vulnerability exists in the searchBean.point parameter and the searchBean.carNumColor parameter in the picrecordWanted_search.action file. Allows attackers to exploit vulnerabilities to obtain database sensitive information.
Trust: 0.6
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | dahua | model: | alarm operation management platform | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
PATCH
| title: | Patch for SQL injection vulnerability in multiple parameters of multiple files on Dahua Alarm Operations Management Platform equipment | url: | https://www.cnvd.org.cn/patchinfo/show/96434 | Trust: 0.6 |
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2017-06001 | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2017-06001 |
LAST UPDATE DATE
2022-05-04T09:51:29.229000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2017-06001 | date: | 2017-06-26T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2017-06001 | date: | 2017-06-19T00:00:00 |