CNNVD-202510-2463 Information

Oct 17, 2025 cve

CNNVD ID

CNNVD-202510-2463

CVE-2025-11911

CNNVD Published: 2025-10-17

Description (Chinese)

Streamax Crocus是中国锐明（Streamax）公司的一个用于减少商用车减少交通事故和货物丢失的系统。 Streamax Crocus 1.3.40版本存在SQL注入漏洞，该漏洞源于对文件/DeviceFault.do中参数sortField的错误操作，可能导致SQL注入攻击。

Description (English)

Streamax Crocus is a system used by Straamax China to reduce traffic accidents and cargo losses in commercial vehicles. There is an SQL-injection loophole in the Straamax Crocus 1.3.40 version, which is the result of an error in the sortfield parameter in document/DeviceFault.do, which could lead to an SQL-injection attack.

Hazard Level

High

Vulnerability Type

SQL注入

Affected Vendor

锐明

Published

2025-10-17

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.328921 https://vuldb.com/?submit.671450 https://github.com/FightingLzn9/vul/blob/main/%E6%B7%B1%E5%9C%B3%E5%B8%82%E9%94%90%E6%98%8E%E6%8A%80%E6%9C%AF%E8%82%A1%E4%BB%BD%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8Crocus%E7%B3%BB%E7%BB%9F-4.md https://vuldb.com/?id.328921 https://access.redhat.com/security/cve/cve-2025-11911

Share on: