CVE-2025-34059 Information

Jul 02, 2025 cve

Description

An SQL injection vulnerability exists in the Dahua Smart Cloud Gateway Registration Management Platform via the username parameter in the /index.php/User/doLogin endpoint. The application fails to properly sanitize user input allowing unauthenticated attackers to inject arbitrary SQL statements and potentially disclose sensitive information.

Reference

https://pentest-tools.com/vulnerabilities-exploits/zhejiang-dahua-smart-cloud-gateway-registration-platform-sql-injection-cnvd-2024-38747_23762 https://vulncheck.com/advisories/dahua-smart-cloud-gateway-sql-injection https://www.cnblogs.com/LeouMaster/p/18509644 https://www.cnvd.org.cn/flaw/show/CNVD-2024-38747 https://www.dahuatech.com/

CNNVD-202507-053 (Published: 2025-07-01)

Share on:

CVE-2025-34059 Information

Description

Reference

Related CNNVD