CNNVD-202510-2462 Information
CNNVD ID
CNNVD-202510-2462
Related CVE
- CNNVD Published: 2025-10-17
Description (Chinese)
Streamax Crocus是中国锐明(Streamax)公司的一个用于减少商用车减少交通事故和货物丢失的系统。 Streamax Crocus 1.3.40版本存在SQL注入漏洞,该漏洞源于对文件/DeviceState.do中参数orderField的错误操作,可能导致SQL注入攻击。
Description (English)
Streamax Crocus is a system used by Straamax China to reduce traffic accidents and cargo losses in commercial vehicles. The version of Streamax Crocus 1.3.40 contains an injection loophole in SQL, which stems from a mishandling of the parameter orderfield in file/DeviceState.do, which could lead to an attack on SQL.
Hazard Level
High
Vulnerability Type
SQL注入
Affected Vendor
锐明
Published
2025-10-17
Last Modified
2026-02-24
References
https://github.com/FightingLzn9/vul/blob/main/%E6%B7%B1%E5%9C%B3%E5%B8%82%E9%94%90%E6%98%8E%E6%8A%80%E6%9C%AF%E8%82%A1%E4%BB%BD%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8Crocus%E7%B3%BB%E7%BB%9F-5.md https://vuldb.com/?submit.671455 https://vuldb.com/?ctiid.328922 https://vuldb.com/?id.328922 https://access.redhat.com/security/cve/cve-2025-11912
Share on: