Sign-up

ID

VAR-202106-2332


TITLE

SQL injection vulnerability exists in the integrated system of production, supply and marketing management and control of Yisi

Trust: 0.6

sources: CNVD: CNVD-2021-37379

DESCRIPTION

Taiyuan Yisi Software Technology Co., Ltd. is an Internet software development and system integration enterprise that relies on Internet information and Internet of Things technology to provide enterprises with complete smart factory solutions. A SQL injection vulnerability exists in the integrated system of Yisi's production, supply and marketing management and control. Attackers can use vulnerabilities to obtain sensitive information in the database.

Trust: 0.6

sources: CNVD: CNVD-2021-37379

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-37379

AFFECTED PRODUCTS

vendor:taiyuan yisimodel:integrated production supply and marketing control systemscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2021-37379

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2021-37379
value: HIGH

Trust: 0.6

CNVD: CNVD-2021-37379
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2021-37379

EXTERNAL IDS

db:CNVDid:CNVD-2021-37379

Trust: 0.6

sources: CNVD: CNVD-2021-37379

SOURCES

db:CNVDid:CNVD-2021-37379

LAST UPDATE DATE

2022-05-04T10:07:08.497000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-37379date:2021-05-27T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-37379date:2021-06-25T00:00:00