Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
TAPHOME SQL Injection in Core Platform
Vulnerability Description
An SQL injection vulnerability exists in TapHome core HandleMessageUpdateDevicePropertiesRequest function before version 2023.2, allowing low privileged users to inject arbitrary SQL directives into an SQL query and execute arbitrary SQL commands and get full reading access. This may also lead to limited write access and temporary Denial-of-Service.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
TapHome SQL注入漏洞
Vulnerability Description
TapHome是斯洛伐克TapHome公司的一个可以自己进行调整的智能家居系统。 TapHome 2023.2之前版本存在SQL注入漏洞,该漏洞源于存在SQL注入漏洞,允许低权限用户执行任意SQL命令并获得完全读取权限,还可能导致写入访问受限和临时拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A