CVE-2025-6116: SQL Injection in Das Parking Management System 停车场管理系统

Medium
Published: Mon Jun 16 2025 (06/16/2025, 09:31:05 UTC)
Source: CVE Database V5
Vendor/Project: Das
Product: Parking Management System 停车场管理系统

Description

A vulnerability was found in Das Parking Management System 停车场管理系统 6.2.0. It has been classified as critical. This affects an unknown part of the file /IntraFieldVehicle/Search of the component API. The manipulation of the argument Value leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

AI-Powered Analysis

Last updated: 06/16/2025, 10:04:28 UTC

Technical Analysis

CVE-2025-6116 is a SQL injection vulnerability in version 6.2.0 of the Das Parking Management System (停车场管理系统). It resides in the API component, specifically the /IntraFieldVehicle/Search endpoint, where the 'Value' argument is not adequately validated or sanitized before it reaches the database query, so an attacker can inject SQL. The injection can be performed remotely without authentication or user interaction, making exploitation relatively straightforward. The vulnerability has been publicly disclosed, which increases the risk of exploitation, although no exploits have yet been observed in the wild. The CVSS 4.0 base score is 6.9 (medium severity), reflecting the potential for partial impact on confidentiality, integrity, and availability: the attack vector is network-based, attack complexity is low, and no privileges or user interaction are required. Because the injected SQL reaches the backend database, an attacker could extract sensitive data, modify records, or disrupt service availability. Given the role of parking management systems in urban infrastructure and commercial facilities, exploitation could lead to operational disruptions and data breaches.

Potential Impact

For European organizations using the Das Parking Management System 6.2.0, this vulnerability poses a significant risk. Successful exploitation could lead to unauthorized access to sensitive data such as vehicle records, user information, and transaction logs. This could result in privacy violations under GDPR regulations, leading to legal and financial repercussions. Integrity of parking data could be compromised, causing incorrect billing or access control failures, which may disrupt operations and customer trust. Availability impacts could manifest as denial of service if the database is manipulated or corrupted, affecting parking facility operations. Organizations managing critical infrastructure or high-traffic urban parking facilities could face operational downtime, reputational damage, and increased risk of further attacks leveraging compromised systems. The public disclosure of the vulnerability increases the urgency for mitigation to prevent opportunistic attacks.

Mitigation Recommendations

1. Immediate application of vendor patches or updates once available is critical. Since no patch links are currently provided, organizations should engage with the vendor for timely remediation.
2. Implement Web Application Firewall (WAF) rules specifically targeting SQL injection patterns on the /IntraFieldVehicle/Search API endpoint to block malicious payloads.
3. Conduct thorough input validation and sanitization on all user-supplied inputs, especially the 'Value' parameter, using parameterized queries or prepared statements to prevent injection.
4. Monitor logs for unusual query patterns or repeated failed attempts targeting the vulnerable endpoint to detect exploitation attempts early.
5. Restrict network access to the API endpoint to trusted IP ranges where feasible, reducing exposure to external attackers.
6. Perform regular security assessments and penetration testing focused on API endpoints to identify and remediate injection flaws proactively.
7. Educate development and operations teams on secure coding practices and the importance of input validation to prevent similar vulnerabilities in future releases.
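As an added example that is not part of the advisory or the vendor's code, the following Python sketch contrasts the string-concatenation pattern that produces the flaw described above with the parameterized form recommended in item 3. It uses an in-memory sqlite3 database; the table name, columns and sample rows are hypothetical, since the page gives neither the schema nor the query.

```python
import sqlite3

# Constructed stand-in for the system's vehicle records (hypothetical schema).
SAMPLE_ROWS = [
    ("AB-1234", "Alice", "Lot A"),
    ("CD-5678", "Bob", "Lot B"),
    ("EF-9012", "Carol", "Lot A"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE intra_field_vehicle (plate TEXT, owner TEXT, lot TEXT)")
    conn.executemany("INSERT INTO intra_field_vehicle VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def search_vulnerable(conn, value):
    # The 'Value' argument is spliced into the SQL text, so quote characters
    # in it change the statement's structure: this is the CWE-89 pattern.
    sql = "SELECT plate FROM intra_field_vehicle WHERE plate = '" + value + "'"
    return [row[0] for row in conn.execute(sql)]


def search_hardened(conn, value):
    # Parameterized query: the driver binds 'Value' as data, never as SQL,
    # so the same input can only ever match (or fail to match) a plate.
    sql = "SELECT plate FROM intra_field_vehicle WHERE plate = ?"
    return [row[0] for row in conn.execute(sql, (value,))]


def demo():
    conn = make_db()
    benign = "AB-1234"
    hostile = "x' OR '1'='1"  # constructed: a quote that closes the literal
    return {
        "vulnerable_benign": search_vulnerable(conn, benign),
        "vulnerable_hostile": search_vulnerable(conn, hostile),  # every row
        "hardened_benign": search_hardened(conn, benign),
        "hardened_hostile": search_hardened(conn, hostile),  # no match
    }


if __name__ == "__main__":
    for name, plates in demo().items():
        print(f"{name}: {plates}")
```

The vulnerable variant returns all three plates for the quote-bearing input because the WHERE clause collapses to a tautology, while the parameterized variant returns nothing, which is the behaviour a fix for the /IntraFieldVehicle/Search handler should exhibit.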

Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-06-15T10:12:09.882Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 684fe8a2a8c921274383ef56

Added to database: 6/16/2025, 9:49:22 AM

Last enriched: 6/16/2025, 10:04:28 AM

Last updated: 8/5/2025, 7:48:11 PM
