Parking Management System
SQL injection in Das Parking Management System (停车场管理系统) 6.2.0 allows remote unauthenticated attackers to manipulate the Value argument of the Search API Endpoint, enabling unauthorized database read and write operations. The CVSS 4.0 vector confirms network-accessible, low-complexity, no-privilege-required exploitation with partial impact across confidentiality, integrity, and availability. A public exploit has been released per VulDB (EUVD-2026-31829), and the vendor was unresponsive to disclosure - no patch exists at time of analysis.
SQL injection via the xp_cmdshell-invoked export endpoint in Das Parking Management System 6.2.0 allows unauthenticated remote attackers to manipulate database queries through the Value parameter of the ParkingRecord/ExportParkingRecords API endpoint. The specific reference to xp_cmdshell - a Microsoft SQL Server extended stored procedure capable of executing operating system commands - elevates the potential impact beyond typical data-layer SQL injection if that procedure is enabled on the target SQL Server instance, making this more consequential than the CVSS 5.5 score alone suggests. A publicly available proof-of-concept exploit exists and the vendor has not responded to disclosure, leaving version 6.2.0 without a vendor-issued patch.
A flaw has been found in Das Parking Management System (停车场管理系统) 6.2.0. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. No vendor patch is available.
A vulnerability was detected in Das Parking Management System (停车场管理系统) 6.2.0. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. No vendor patch is available.