CNNVD-202510-2464 Information
CNNVD ID
CNNVD-202510-2464
Related CVE
- CNNVD Published: 2025-10-17
Description (Chinese)
Streamax Crocus是中国锐明(Streamax)公司的一个用于减少商用车减少交通事故和货物丢失的系统。 Streamax Crocus 1.3.40版本存在SQL注入漏洞,该漏洞源于对文件/MemoryState.do中参数orderField的错误操作,可能导致SQL注入攻击。
Description (English)
Streamax Crocus is a system used by Straamax China to reduce traffic accidents and cargo losses in commercial vehicles. The Stremax Crocus 1.3.40 version has an injection loophole in SQL, which is the result of a mishandling of the argument orderfield in document/MemoryState.do, which could lead to an attack on SQL.
Hazard Level
High
Vulnerability Type
SQL注入
Affected Vendor
锐明
Published
2025-10-17
Last Modified
2026-02-24
References
https://vuldb.com/?submit.671437 https://vuldb.com/?ctiid.328920 https://github.com/FightingLzn9/vul/blob/main/%E6%B7%B1%E5%9C%B3%E5%B8%82%E9%94%90%E6%98%8E%E6%8A%80%E6%9C%AF%E8%82%A1%E4%BB%BD%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8Crocus%E7%B3%BB%E7%BB%9F-3.md https://vuldb.com/?id.328920 https://access.redhat.com/security/cve/cve-2025-11910
Share on: