Leoumaster

Name of the Vulnerable Software and Affected Versions: Dahua Smart Cloud Gateway Registration Management Platform (affected versions not specified) Description: An SQL injection issue exists in the Dahua Smart Cloud Gateway Registration Management Platform via the `username` parameter in the "/index.php/User/doLogin" endpoint. The application fails to properly sanitize user input, allowing unauthenticated attackers to inject arbitrary SQL statements and potentially disclose sensitive information. Recommendations: As a temporary workaround, consider restricting access to the "/index.php/User/doLogin" endpoint until a patch is available. Avoid using the `username` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.