Sign-up

ID

VAR-202105-1701


TITLE

An SQL injection vulnerability exists in the business control system of Taiyuan Easysoft Technology Co., Ltd.

Trust: 0.6

sources: CNVD: CNVD-2021-30136

DESCRIPTION

Taiyuan Yisi Software Technology Co., Ltd. is an Internet software development and system integration enterprise that relies on Internet information and Internet of Things technology to provide enterprises with complete smart factory solutions. An SQL injection vulnerability exists in the business management and control system of Taiyuan Yisi Software Technology Co., Ltd., which can be exploited by attackers to obtain sensitive information in the database.

Trust: 0.6

sources: CNVD: CNVD-2021-30136

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-30136

AFFECTED PRODUCTS

vendor:taiyuan easysoftmodel:business management and control systemscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2021-30136

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2021-30136
value: HIGH

Trust: 0.6

CNVD: CNVD-2021-30136
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2021-30136

EXTERNAL IDS

db:CNVDid:CNVD-2021-30136

Trust: 0.6

sources: CNVD: CNVD-2021-30136

SOURCES

db:CNVDid:CNVD-2021-30136

LAST UPDATE DATE

2022-05-04T10:10:35.599000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-30136date:2021-04-23T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-30136date:2021-05-16T00:00:00