Описание
A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as problematic. This vulnerability affects unknown code of the file /ipms/imageConvert/image. The manipulation of the argument fileUrl leads to server-side request forgery. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230800. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Ссылки
- ExploitThird Party Advisory
- Permissions RequiredThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- Permissions RequiredThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
EPSS
3.5 Low
CVSS3
4.6 Medium
CVSS3
2.7 Low
CVSS2
Дефекты
Связанные уязвимости
A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as problematic. This vulnerability affects unknown code of the file /ipms/imageConvert/image. The manipulation of the argument fileUrl leads to server-side request forgery. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230800. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Уязвимость файла /ipms/imageConvert/image Smart-технологии для управления паркингом Dahua Smart Parking Management, позволяющая нарушителю осуществить SSRF-атаку
EPSS
3.5 Low
CVSS3
4.6 Medium
CVSS3
2.7 Low
CVSS2