漏洞描述
SECOM Dr.ID Access Control System是中国中保(SECOM)公司的一个访问控制系统。 SECOM Dr.ID Access Control System 3.5.0.0.0.5之前版本存在SQL注入漏洞,该漏洞源于存在未正确验证特定页面参数,允许未经身份验证的远程攻击者注入SQL命令来读取、修改和删除数据库内容。
SECOM Dr.ID Access Control System SQL注入漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2020-9039: Couchbase Server - Broken Access Control
- POC CVE-2021-28799: QNAP HBS 3 - Broken Access Control
- POC CVE-2021-37598: WP Cerber < 8.9.3 - Broken Access Control
- POC exist-db-dashboard-access: eXist-DB Dashboard Access
- 金慧综合管理信息系统SystemName参数存在SQL注入漏洞
- POC CVE-2024-29138: WordPress Restrict User Access <= 2.5 - Cross-Site Scripting
- POC drupal-directory-listing: Drupal Directory Listing
- POC grafana-unauth-access: Grafana Unauthenticated Access
- POC CVE-2021-20617: Acmailer - Improper Access Control to OS Command Injection
- POC CVE-2021-33829: Drupal 7 CKEditor XSS
- POC CVE-2022-4940: WCFM Membership <= 2.10.0 - Broken Access Control
- POC CVE-2025-12139: Integrate Google Drive <= 1.5.3 - Information Disclosure
- POC CVE-2025-63387: Dify v1.9.1 - Broken Access Control