CVE Details
Basic Information
| Title | Baison Channel Middleware Product ToJsonByControlName sql injection |
|---|---|
| Type | cve |
| Published | 2025-06-03T10:31:07.268Z |
| Last Seen |
Product Information
| Vendor | Baison |
|---|---|
| Product | Channel Middleware Product |
| Version | 2.0.1 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A SQL injection vulnerability in Baison Channel Middleware Product’s ToJsonByControlName function allows remote attackers to inject malicious SQL code, potentially leading to data extraction or system compromise. |
|---|---|
| AI Severity | High |
| Vendor | Baison |
| Product | Channel Middleware Product |
| Affected Version | 2.0.1 |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family | |
| Source Data | Baison Channel Middleware Product 2.0.1 |
Source Information
| Source Data | Baison Channel Middleware Product 2.0.1 |
|---|---|
| Source Link |
Description
A vulnerability was found in Baison Channel Middleware Product 2.0.1 and classified as critical. Affected by this issue is some unknown functionality of the file /e3api/api/main/ToJsonByControlName. The manipulation of the argument data leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score Summary
Base Score: 5.3 (MEDIUM)