CVE Details
Basic Information
| Title | Das Parking Management System 停车场管理系统 API Search sql injection |
|---|---|
| Type | cve |
| Published | 2025-06-16T09:31:05.148Z |
| Last Seen |
Product Information
| Vendor | Das |
|---|---|
| Product | Parking Management System 停车场管理系统 |
| Version | 6.2.0 |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A critical SQL injection vulnerability exists in the API Search component of Das Parking Management System version 6.2.0. This allows remote attackers to inject malicious SQL code, potentially leading to unauthorized data access or system compromise. |
|---|---|
| AI Severity | Medium |
| Vendor | Das |
| Product | Parking Management System 停车场管理系统 |
| Affected Version | 6.2.0 |
Affected Products
- Das Parking Management System 停车场管理系统 6.2.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family |
References
Description
A vulnerability was found in Das Parking Management System 停车场管理系统 6.2.0. It has been classified as critical. This affects an unknown part of the file /IntraFieldVehicle/Search of the component API. The manipulation of the argument Value leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.