Skip to main content

Parking Management System CVE-2026-9552

| EUVD-2026-31829 MEDIUM
SQL Injection (CWE-89)
2026-05-26 VulDB GHSA-pq63-jx4c-vwrm
SQLi Parking Management System
5.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jun 08, 2026 - 12:22 vuln.today
Severity Changed
May 26, 2026 - 15:22 NVD
HIGH MEDIUM
CVSS changed
May 26, 2026 - 15:22 NVD
7.3 (HIGH) 5.5 (MEDIUM)

DescriptionCVE.org

A security flaw has been discovered in Das Parking Management System 停车场管理系统 6.2.0. This vulnerability affects unknown code of the component Search API Endpoint. The manipulation of the argument Value results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

SQL injection in Das Parking Management System (停车场管理系统) 6.2.0 allows remote unauthenticated attackers to manipulate the Value argument of the Search API Endpoint, enabling unauthorized database read and write operations. The CVSS 4.0 vector confirms network-accessible, zero-complexity, no-privilege-required exploitation with partial impact across confidentiality, integrity, and availability. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify exposed Parking Management System instance
Delivery
Send crafted HTTP request to Search API Endpoint
Exploit
Inject SQL payload into Value argument
Execution
Extract database contents or modify records
Impact
Exfiltrate operator or user data
Sign in to reveal

Vulnerability AssessmentAI

Exploitation No special conditions - remote unauthenticated exploitation against default configurations of Das Parking Management System 6.2.0. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Despite a moderate CVSS 4.0 score of 5.5, the risk signals require careful interpretation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker sends a crafted HTTP request to the publicly accessible Search API Endpoint, injecting SQL syntax into the Value parameter (e.g., a UNION-based payload to extract database schema or credentials). Because the SSVC assessment marks this as Automatable, the attacker could script a tool to enumerate multiple instances of this software, systematically exfiltrating parking records, user credentials, or operator data stored in the backing database. …
Remediation No vendor-released patch has been identified at time of analysis - the vendor was contacted prior to public disclosure and did not respond. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-9552 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy