CVE Details
Basic Information
| Title | Brilliance Golden Link Secondary System custTakeInfoPage.htm sql injection |
|---|---|
| Type | cve |
| Published | 2025-06-19T20:29:32.333Z |
| Last Seen | |
Product Information
| Vendor | Brilliance |
|---|---|
| Product | Golden Link Secondary System |
| Version | 20250609 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| CVSS Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact | |
AI Analysis
| AI Description | A SQL injection vulnerability in Brilliance Golden Link Secondary System allows remote attackers to inject malicious SQL code via the custTradeName argument. This could lead to unauthorized data access or modification. The vulnerability is considered critical due to its potential impact on data integrity. |
|---|---|
| AI Severity | Medium |
| Vendor | Brilliance |
| Product | Golden Link Secondary System |
| Affected Version | 20250609 |
Affected Products
- Brilliance Golden Link Secondary System 20250609
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family | |
References
- https://vuldb.com/?id.313281
- https://vuldb.com/?ctiid.313281
- https://vuldb.com/?submit.593074
- https://github.com/eeeeeekkkkkkkk/POC/blob/main/%E9%BB%84%E9%87%91%E9%80%9A%E4%BA%8C%E7%BA%A7%E7%B3%BB%E7%BB%9F%E4%B8%89%E4%BB%A3%E7%AE%A1%E7%90%86%E7%AB%AF%E7%B3%BB%E7%BB%9FcustTakeInfoPage%E6%8E%A5%E5%8F%A3%E5%AD%98%E5%9C%A8SQL%E6%B3%A8%E5%85%A5.md
Description
A vulnerability classified as critical has been found in Brilliance Golden Link Secondary System up to 20250609. This affects an unknown part of the file /storagework/custTakeInfoPage.htm. The manipulation of the argument custTradeName leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.