CVE Details
Basic Information
| Title | Brilliance Golden Link Secondary System rentTakeInfoPage.htm sql injection |
|---|---|
| Type | cve |
| Published | 2025-06-19T20:00:12.445Z |
| Last Seen | |
Product Information
| Vendor | Brilliance |
|---|---|
| Product | Golden Link Secondary System |
| Version | 20250609 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| CVSS Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact | |
AI Analysis
| AI Description | A SQL injection vulnerability in the Brilliance Golden Link Secondary System allows remote attackers to inject SQL commands via the custTradeName argument in rentTakeInfoPage.htm. This could lead to unauthorized data access or modification. |
|---|---|
| AI Severity | Medium |
| Vendor | Brilliance |
| Product | Golden Link Secondary System |
| Affected Version | 20250609 |
Affected Products
- Brilliance Golden Link Secondary System 20250609
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family | |
References
- https://vuldb.com/?id.313280
- https://vuldb.com/?ctiid.313280
- https://vuldb.com/?submit.593067
- https://github.com/eeeeeekkkkkkkk/POC/blob/main/%E9%BB%84%E9%87%91%E9%80%9A%E4%BA%8C%E7%BA%A7%E7%B3%BB%E7%BB%9F%E4%B8%89%E4%BB%A3%E7%AE%A1%E7%90%86%E7%AB%AF%E7%B3%BB%E7%BB%9FrentTakeInfoPage%E6%8E%A5%E5%8F%A3%E5%AD%98%E5%9C%A8SQL%E6%B3%A8%E5%85%A5.md
Description
A vulnerability was found in Brilliance Golden Link Secondary System up to 20250609. It has been rated as critical. The issue affects unknown functionality in the file /storagework/rentTakeInfoPage.htm. Manipulating the argument custTradeName leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.