Skip to content

Commit c9ffbd3

Browse files
committed
add: AVE-2024-0007
1 parent 6d3bd5e commit c9ffbd3

1 file changed

Lines changed: 33 additions & 0 deletions

File tree

vulns/2024/AVE-2024-0007.toml

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
[basic]
2+
description = "浙江大华技术股份有限公司智能云网关注册管理平台的登录接口存在SQL注入漏洞,未经认证的远程攻击者通过向/index.php/User/doLogin接口发送特制POST请求,在username参数中构造恶意SQL语句,利用updatexml报错函数可触发数据库错误回显,从而窃取数据库中的敏感信息,如管理员凭证、用户数据等。"
3+
published = "2024-10-22"
4+
remediation = "厂商已发布安全更新,建议用户立即升级智能云网关注册管理平台至最新版本;同时应在Web应用防火墙上配置规则拦截含updatexml、extractvalue等报错注入特征的POST请求,并改用参数化查询或预编译语句处理用户输入,防止SQL注入攻击。"
5+
score = 7.5
6+
severity = "HIGH"
7+
sources = [
8+
"cnvd",
9+
"nuclei",
10+
]
11+
title = "浙江大华 智能云网关注册管理平台 SQL注入漏洞"
12+
updated = "2024-10-23"
13+
14+
[exploit]
15+
exp_urls = []
16+
poc_urls = []
17+
18+
[id]
19+
aliases = [
20+
"NUCLEI-HTTP-CNVD-2024-CNVD-2024-38747-YAML",
21+
"CNVD-2024-38747",
22+
]
23+
ave_id = "AVE-2024-0007"
24+
25+
[meta]
26+
collected_at = "2026-07-15T00:00:00Z"
27+
status = "completed"
28+
29+
[references]
30+
urls = [
31+
"https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cnvd/2024/CNVD-2024-38747.yaml",
32+
"https://blog.csdn.net/qq_39894062/article/details/142982815",
33+
]

0 commit comments

Comments
 (0)