File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ [basic ]
2+ description = " 浙江大华技术股份有限公司智能云网关注册管理平台的登录接口存在SQL注入漏洞,未经认证的远程攻击者通过向/index.php/User/doLogin接口发送特制POST请求,在username参数中构造恶意SQL语句,利用updatexml报错函数可触发数据库错误回显,从而窃取数据库中的敏感信息,如管理员凭证、用户数据等。"
3+ published = " 2024-10-22"
4+ remediation = " 厂商已发布安全更新,建议用户立即升级智能云网关注册管理平台至最新版本;同时应在Web应用防火墙上配置规则拦截含updatexml、extractvalue等报错注入特征的POST请求,并改用参数化查询或预编译语句处理用户输入,防止SQL注入攻击。"
5+ score = 7.5
6+ severity = " HIGH"
7+ sources = [
8+ " cnvd" ,
9+ " nuclei" ,
10+ ]
11+ title = " 浙江大华 智能云网关注册管理平台 SQL注入漏洞"
12+ updated = " 2024-10-23"
13+
14+ [exploit ]
15+ exp_urls = []
16+ poc_urls = []
17+
18+ [id ]
19+ aliases = [
20+ " NUCLEI-HTTP-CNVD-2024-CNVD-2024-38747-YAML" ,
21+ " CNVD-2024-38747" ,
22+ ]
23+ ave_id = " AVE-2024-0007"
24+
25+ [meta ]
26+ collected_at = " 2026-07-15T00:00:00Z"
27+ status = " completed"
28+
29+ [references ]
30+ urls = [
31+ " https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cnvd/2024/CNVD-2024-38747.yaml" ,
32+ " https://blog.csdn.net/qq_39894062/article/details/142982815" ,
33+ ]
You can’t perform that action at this time.
0 commit comments