ID

VAR-201910-1857


TITLE

SQL injection vulnerability exists in the front desk of the laboratory management system of Hunan Santang Information Technology Co., Ltd.

Trust: 0.6

sources: CNVD: CNVD-2019-33141

DESCRIPTION

Hunan Santang Information Technology Co., Ltd. takes the IT operation and maintenance integration platform and IT operation and maintenance service sharing platform as the core, and the business system supplemented by the university's smart laboratory and IT customization development to create an "Internet of Things" type IT integrated operation and maintenance platform , Help users to visualize unified operation and maintenance management of IT assets. There is a SQL injection vulnerability in the front of the laboratory management system of Hunan Santang Information Technology Co., Ltd. An attacker can use the vulnerability to obtain database information.

Trust: 0.6

sources: CNVD: CNVD-2019-33141

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-33141

AFFECTED PRODUCTS

vendor:hunan santang informationmodel:laboratory integrated management systemscope:eqversion:v6.0

Trust: 0.6

sources: CNVD: CNVD-2019-33141

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2019-33141
value: HIGH

Trust: 0.6

CNVD: CNVD-2019-33141
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2019-33141

PATCH

title:SQL Injection Vulnerability in the Front Office of the Comprehensive Management System V6.0 of Santang Information Technology Laboratoryurl:https://www.cnvd.org.cn/patchinfo/show/179487

Trust: 0.6

sources: CNVD: CNVD-2019-33141

EXTERNAL IDS

db:CNVDid:CNVD-2019-33141

Trust: 0.6

sources: CNVD: CNVD-2019-33141

SOURCES

db:CNVDid:CNVD-2019-33141

LAST UPDATE DATE

2022-05-04T09:16:12.651000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-33141date:2019-09-26T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2019-33141date:2019-10-21T00:00:00