Details of VAR-202011-1531

ID

VAR-202011-1531

TITLE

A SQL injection vulnerability exists in the management platform of the public security bureau’s Internet service business premises (CNVD-2020-60077)

Trust: 0.6

sources: CNVD: CNVD-2020-60077

DESCRIPTION

Harbin Zhonglong Baiying Technology Development Co., Ltd. was established on May 29, 2013, mainly engaged in computer software and hardware, office automation equipment, security equipment, etc. The public security bureau's online service business site management platform has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information.

Trust: 0.6

sources: CNVD: CNVD-2020-60077

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-60077

AFFECTED PRODUCTS

vendor:

harbin zhonglong baiying

model:

public security bureau internet service business place management platform

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2020-60077

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2020-60077
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2020-60077
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2020-60077

EXTERNAL IDS

db:

CNVD

id:

CNVD-2020-60077

Trust: 0.6

sources: CNVD: CNVD-2020-60077

SOURCES

db:

CNVD

id:

CNVD-2020-60077

LAST UPDATE DATE

2022-05-04T10:07:22.430000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2020-60077

date:

2020-11-02T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2020-60077

date:

2020-11-30T00:00:00