Sign-up

ID

VAR-201903-1740


TITLE

SQL Injection Vulnerability in Shandong Zhixin Information Technology Co., Ltd. Website Construction System

Trust: 0.6

sources: CNVD: CNVD-2019-06198

DESCRIPTION

Shandong Zhixin Information Technology Co., Ltd. is a comprehensive high-tech enterprise integrating software research and development, system integration, Internet of Things, virtual reality, big data, cloud computing, artificial intelligence and Internet services. There is a SQL injection vulnerability in the website construction system of Shandong Zhixin Information Technology Co., Ltd. An attacker could use the vulnerability to obtain sensitive database information.

Trust: 0.6

sources: CNVD: CNVD-2019-06198

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-06198

AFFECTED PRODUCTS

vendor:zhixin informationmodel: - scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-06198

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2019-06198
value: HIGH

Trust: 0.6

CNVD: CNVD-2019-06198
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2019-06198

PATCH

title:Zhixin Technology Development Template Has SQL Injection Vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/153681

Trust: 0.6

sources: CNVD: CNVD-2019-06198

EXTERNAL IDS

db:CNVDid:CNVD-2019-06198

Trust: 0.6

sources: CNVD: CNVD-2019-06198

SOURCES

db:CNVDid:CNVD-2019-06198

LAST UPDATE DATE

2022-05-04T10:11:33.071000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-06198date:2019-03-06T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2019-06198date:2019-03-30T00:00:00