漏洞描述
Hikvision Hybrid SAN存在SQL注入漏洞,此漏洞是由于dynamic_log.php接口对用户请求的downloadtype参数的值验证不当造成的。
Hikvision Hybrid SAN CVE-2022-28161 SQL注入漏洞
PoC代码
暂无相关漏洞推荐
- hikvision-files-upload: Hikvision Files Upload
- spon-ip-intercom-ping-rce: Hikvision SPON IP网络对讲广播系统存在命令执行漏洞
- POC CVE-2017-7921: Hikvision - Authentication Bypass
- POC CVE-2021-36260: Hikvision IP camera/NVR - Remote Command Execution
- POC CVE-2023-6895: Hikvision IP ping.php - Command Execution
- POC CVE-2017-7921: Hikvision CVE-2017-7921
- POC CVE-2021-36260: Hikvision IP camera/NVR - Unauthenticated RCE
- POC hikvision-intercom-service-default-password: Hikvision Intercom Service Default Password
- POC hikvision-env: Hikvision Springboot Env Actuator - Detect
- POC hikvision-ivms-file-upload-rce: Hikvision iVMS-8700 - File Upload Remote Code Execution
- POC hikvision-js-files-upload: Hikvision iSecure Center - File Upload
- Hikvision iVMS 4200 index.php 存在本地文件包含漏洞
- Hikvision Hybrid SAN/Cluster Storage 存在安全漏洞(CVE-2022-28171)