漏洞描述
SECOM Dr.ID Access Control System是中国中保(SECOM)公司的一个访问控制系统。 SECOM Dr.ID Access Control System 3.5.0.0.0.5之前版本存在SQL注入漏洞,该漏洞源于存在未正确验证特定页面参数,允许未经身份验证的远程攻击者注入SQL命令来读取、修改和删除数据库内容。
SECOM Dr.ID Access Control System SQL注入漏洞
PoC代码
暂无相关漏洞推荐
- 泛微e-office /E-mobile/App/System/UserSelect/dept.php 未授权访问漏洞
- POC CVE-2022-29081: Zoho ManageEngine - Access Control Bypass
- School Fees Payment System /student.php SQL 注入漏洞(CVE-2025-6403)
- POC CVE-2025-12480: Triofox - Improper Access Control
- POC CVE-2025-52665: UniFi Access - Broken Access Control
- POC CVE-2025-6403: Code-Projects School Fees Payment System 1.0 - SQL Injection
- POC unifi-create-user: UniFi - Unauthenticated Creation Access For Users
- 中成科信票务管理系统 /SystemManager/OrderManager/OrderManager.ashx 文件读取漏洞
- 孚盟云CRM /Ajax/GetDropDownListContent.ashx SQL 注入漏洞
- HJSoft HCM Human Resources Management System /selfservice/lawresource/downlawbase SQL 注入漏洞(CVE-2025-10197)
- 孚盟云 GetDropDownListContent.ashx 存在SQL注入漏洞
- POC 孚盟云 GetDropDownListContent.ashx SQL注入漏洞
- Code-Projects Project Monitoring System SQL注入漏洞