EUVD-2025-18383

| CVE-2025-6116 HIGH
2025-06-16 [email protected]
SQLi Parking Management System
7.3
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

3
Analysis Generated
Mar 14, 2026 - 21:59 vuln.today
EUVD ID Assigned
Mar 14, 2026 - 21:59 euvd
EUVD-2025-18383
CVE Published
Jun 16, 2025 - 10:15 nvd
HIGH 7.3

DescriptionNVD

A vulnerability was found in Das Parking Management System 停车场管理系统 6.2.0. It has been classified as critical. This affects an unknown part of the file /IntraFieldVehicle/Search of the component API. The manipulation of the argument Value leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

Critical SQL injection vulnerability in Das Parking Management System (停车场管理系统) version 6.2.0 affecting the /IntraFieldVehicle/Search API endpoint. An unauthenticated remote attacker can manipulate the 'Value' parameter to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has public exploit disclosure available and carries a CVSS score of 7.3 with demonstrated feasibility of remote exploitation.

Technical ContextAI

The vulnerability is classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component - 'Injection'). Das Parking Management System is a vehicle parking facility management application that exposes RESTful API endpoints for vehicle search operations. The /IntraFieldVehicle/Search endpoint fails to properly sanitize or parameterize the 'Value' query parameter before incorporating it into SQL queries, allowing classic SQL injection attacks. This is a direct result of inadequate input validation and lack of prepared statement usage in the API layer of the parking management application.

RemediationAI

  1. IMMEDIATE: Disable or restrict access to the /IntraFieldVehicle/Search endpoint until patching is completed. 2) Apply vendor security patches to upgrade Das Parking Management System beyond version 6.2.0 (specific patch version not provided in available data - contact vendor directly or check official advisory). 3) INTERIM MITIGATION: Implement Web Application Firewall (WAF) rules to detect and block SQL injection patterns in the 'Value' parameter (common patterns: UNION, SELECT, OR 1=1, --, /**/). 4) INPUT VALIDATION: Implement strict allowlist validation for the 'Value' parameter accepting only expected character sets. 5) DATABASE HARDENING: Ensure database user credentials have minimal necessary privileges, implement query result pagination, and enable database query logging for audit trails. 6) Vendor contact: Reach out to Das Parking Management System vendor for official patch release timeline and security advisory details.

Share

EUVD-2025-18383 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy