CVE Details
Basic Information
| Title | zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 barcodeDetail sql injection |
|---|---|
| Type | cve |
| Published | 2025-06-19T14:00:15.455Z |
| Last Seen |
Product Information
| Vendor | zhilink 智互联(深圳)科技有限公司 |
|---|---|
| Product | ADP Application Developer Platform 应用开发者平台 |
| Version | 1.0.0 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A SQL injection vulnerability exists in the barcodeDetail component of the ADP Application Developer Platform due to improper input handling. This allows remote attackers to inject malicious SQL code, potentially leading to data tampering or unauthorized access. The vendor has not responded to disclosure attempts. |
|---|---|
| AI Severity | High |
| Vendor | Zhilink (Shenzhen) Co., Ltd. |
| Product | ADP Application Developer Platform 应用开发者平台 |
| Affected Version | 1.0.0 |
Affected Products
- zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family |
References
Description
A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /adpweb/a/base/barcodeDetail/. The manipulation of the argument barcodeNo/barcode/itemNo leads to sql injection. The attack may be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.