Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SQL injection against an authorization endpoint enables full database read (C:H); write impact is limited (I:L); AV:N and PR:N align with the CVSS 4.0 source vector indicating unauthenticated network exploitation.
Primary rating from Vendor (VulDB).
CVSS VectorVendor: VulDB
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
A vulnerability was identified in Hanwang e-Face General Management Platform 6.3.5.4. This impacts an unknown function of the file /sysAuthStr/querySysAuthStr.do. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
AnalysisAI
SQL injection in Hanwang e-Face General Management Platform 6.3.5.4 exposes the /sysAuthStr/querySysAuthStr.do endpoint to unauthenticated remote database manipulation via the unsanitized order parameter. The endpoint handles system authorization strings, meaning successful exploitation likely targets credential or access-control records - a high-sensitivity data class despite the vendor-assigned Low impact ratings. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The /sysAuthStr/querySysAuthStr.do endpoint must be reachable over the network from the attacker. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 source vector (AV:N/AC:L/AT:N/PR:N/UI:N) reflects a worst-case network posture: no authentication, no user interaction, no special attack preconditions, and trivially reachable over the internet. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated attacker discovers a Hanwang e-Face platform instance accessible over the network and submits a crafted HTTP GET or POST request to /sysAuthStr/querySysAuthStr.do with a UNION-based SQL payload in the `order` parameter, injecting a secondary SELECT against the users or auth-token table. The injected query returns system authorization strings - potentially session tokens or credentials - which the attacker uses to authenticate to the management interface or pivot to connected access control hardware. … |
| Remediation | No vendor-released patch has been identified at time of analysis - source references include only VulDB submission URLs and a public exploit document, with no Hanwang advisory or patched release version. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41745
GHSA-vj97-338f-28pp