EUVD-2026-31827
GHSA-2584-45j5-q8f5
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability was identified in Das Parking Management System 停车场管理系统 6.2.0. This affects the function xp_cmdshell of the file ParkingRecord/ExportParkingRecords of the component API Endpoint. The manipulation of the argument Value leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
SQL injection via the xp_cmdshell-invoked export endpoint in Das Parking Management System 6.2.0 allows unauthenticated remote attackers to manipulate database queries through the Value parameter of the ParkingRecord/ExportParkingRecords API endpoint. The specific reference to xp_cmdshell - a Microsoft SQL Server extended stored procedure capable of executing operating system commands - elevates the potential impact beyond typical data-layer SQL injection if that procedure is enabled on the target SQL Server instance, making this more consequential than the CVSS 5.5 score alone suggests. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | No authentication is required (CVSS PR:N) and no user interaction is needed (UI:N), meaning any network-reachable instance of the ParkingRecord/ExportParkingRecords endpoint is directly exploitable without credentials. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 base score of 5.5 (Medium), with vector AV:N/AC:L/AT:N/PR:N/UI:N and partial impact (VC:L/VI:L/VA:L), reflects a network-reachable, low-complexity, unauthenticated attack but potentially understates real-world risk given the xp_cmdshell context. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated attacker sends a crafted HTTP request to the publicly accessible ParkingRecord/ExportParkingRecords endpoint, injecting SQL metacharacters into the Value parameter to break out of the intended query context and append malicious SQL. If xp_cmdshell is enabled on the target SQL Server, the injected payload triggers OS command execution under the SQL Server service account, potentially enabling file system access, credential harvesting, or a foothold for lateral movement. … |
| Remediation | No vendor-released patch is identified at time of analysis - the vendor did not respond to coordinated disclosure. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Share
External POC / Exploit Code
Leaving vuln.today