Details of VAR-202011-1527

ID

VAR-202011-1527

TITLE

A SQL injection vulnerability exists in the management platform of the public security bureau’s Internet service business premises (CNVD-2020-60078)

Trust: 0.6

sources: CNVD: CNVD-2020-60078

DESCRIPTION

Harbin Zhonglong Baiying Technology Development Co., Ltd. was established on May 29, 2013, mainly engaged in computer software and hardware, office automation equipment, security equipment, etc. The public security bureau's online service business site management platform has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information.

Trust: 0.6

sources: CNVD: CNVD-2020-60078

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-60078

AFFECTED PRODUCTS

vendor:

harbin zhonglong baiying

model:

public security bureau internet service business place management platform

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2020-60078

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2020-60078
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2020-60078
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2020-60078

EXTERNAL IDS

db:

CNVD

id:

CNVD-2020-60078

Trust: 0.6

sources: CNVD: CNVD-2020-60078

SOURCES

db:

CNVD

id:

CNVD-2020-60078

LAST UPDATE DATE

2022-05-04T09:37:58.121000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2020-60078

date:

2020-11-02T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2020-60078

date:

2020-11-30T00:00:00