Details of VAR-202011-1529

ID

VAR-202011-1529

TITLE

A SQL injection vulnerability exists in the management platform of the public security bureau’s online service business premises (CNVD-2020-60076)

Trust: 0.6

sources: CNVD: CNVD-2020-60076

DESCRIPTION

Harbin Zhonglong Baiying Technology Development Co., Ltd. was established on May 29, 2013, mainly engaged in computer software and hardware, office automation equipment, security equipment, etc. The public security bureau's online service business site management platform has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information.

Trust: 0.6

sources: CNVD: CNVD-2020-60076

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-60076

AFFECTED PRODUCTS

vendor:

harbin zhonglong baiying

model:

public security bureau internet service business place management platform

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2020-60076

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2020-60076
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2020-60076
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2020-60076

EXTERNAL IDS

db:

CNVD

id:

CNVD-2020-60076

Trust: 0.6

sources: CNVD: CNVD-2020-60076

SOURCES

db:

CNVD

id:

CNVD-2020-60076

LAST UPDATE DATE

2022-05-04T08:33:45.645000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2020-60076

date:

2020-11-02T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2020-60076

date:

2020-11-30T00:00:00