Vulnerabilities

CVE-2025-34059

by Fred · 01/07/2025

An SQL injection vulnerability exists in the Dahua Smart Cloud Gateway Registration Management Platform via the username parameter in the /index.php/User/doLogin endpoint. The application fails to properly sanitize user input, allowing unauthenticated attackers to inject arbitrary SQL statements and potentially disclose sensitive information.

More information : https://pentest-tools.com/vulnerabilities-exploits/zhejiang-dahua-smart-cloud-gateway-registration-platform-sql-injection-cnvd-2024-38747_23762

Similar

Tags: Cybersecurity Alert