Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
An issue was discovered in ReportController in Unicom Focal Point 7.6.1. A user who has administrative privilege in Focal Point can perform SQL injection via the image parameter during a delete report image operation.
Analysis
An issue was discovered in ReportController in Unicom Focal Point 7.6.1. A user who has administrative privilege in Focal Point can perform SQL injection via the image parameter during a delete report image operation.
Technical ContextAI
SQL injection occurs when user-supplied input is incorporated into SQL queries without proper sanitization or parameterized queries.
RemediationAI
Use parameterized queries or prepared statements. Apply input validation and escape special characters. Implement least-privilege database accounts.
More in Focal Point
View allCross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController (f
An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-16749