Details of VAR-202011-1528

ID

VAR-202011-1528

TITLE

An SQL injection vulnerability exists in the management platform of the Public Security Bureau’s Internet service business premises

Trust: 0.6

sources: CNVD: CNVD-2020-60079

DESCRIPTION

Harbin Zhonglong Baiying Technology Development Co., Ltd. was established on May 29, 2013, mainly engaged in computer software and hardware, office automation equipment, security equipment, etc. The public security bureau's online service business site management platform has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information.

Trust: 0.6

sources: CNVD: CNVD-2020-60079

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-60079

AFFECTED PRODUCTS

vendor:

harbin zhonglong baiying

model:

public security bureau internet service business place management platform

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2020-60079

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2020-60079
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2020-60079
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2020-60079

EXTERNAL IDS

db:

CNVD

id:

CNVD-2020-60079

Trust: 0.6

sources: CNVD: CNVD-2020-60079

SOURCES

db:

CNVD

id:

CNVD-2020-60079

LAST UPDATE DATE

2022-05-04T10:18:10.618000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2020-60079

date:

2020-11-02T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2020-60079

date:

2020-11-30T00:00:00