Sechzredo

**Name of the Vulnerable Software and Affected Versions** Das Parking Management System versions 6.2.0 **Description** A vulnerability exists in Das Parking Management System that may lead to information disclosure. The issue impacts an unknown function within the `/Operator/Search` file and can be exploited remotely. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Das Parking Management System 停车场管理系统 version 6.2.0 **Description** A flaw has been found in Das Parking Management System 停车场管理系统 that causes information disclosure. The issue affects an unknown function of the file `/Operator/FindAll`. This manipulation can be initiated remotely. The exploit has been published. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the file `/Operator/FindAll` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Das Parking Management System version 6.2.0 **Description** A critical issue was found in the API component, specifically affecting an unknown part of the /IntraFieldVehicle/Search file. The manipulation of the `Value` argument leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed and may be used. **Recommendations** For version 6.2.0, consider restricting access to the /IntraFieldVehicle/Search API endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the `Value` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Das Parking Management System version 6.2.0 **Description** A critical issue was found in the API component of the system, specifically affecting the /Reservations/Search file. The manipulation of the `Value` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For version 6.2.0, as a temporary workaround, consider restricting access to the /Reservations/Search API endpoint until a patch is available. Avoid using the `Value` argument in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Das Parking Management System versions 6.2.0 **Description** A critical issue affects the /vehicle/search API endpoint of the component, where manipulation of the `vehicleTypeCode` argument leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For version 6.2.0, consider disabling the /vehicle/search API endpoint or restricting access to it until a patch is available. As a temporary workaround, avoid using the `vehicleTypeCode` argument in the affected API endpoint.

**Name of the Vulnerable Software and Affected Versions** Brilliance Golden Link Secondary System up to 20250424 **Description** A critical issue was found in the Brilliance Golden Link Secondary System. The problem affects the file /storagework/rentChangeCheckInfoPage.htm and is related to the manipulation of the `clientname` argument, which leads to SQL injection. This issue can be exploited remotely. **Recommendations** For Brilliance Golden Link Secondary System up to 20250424, consider restricting access to the /storagework/rentChangeCheckInfoPage.htm file and avoid using the `clientname` argument until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Brilliance Golden Link Secondary System up to 20250424 **Description** A critical issue has been found in the Brilliance Golden Link Secondary System. This issue affects some unknown processing of the file /reprotframework/tcCustDeferPosiQuery.htm. The manipulation of the argument `custTradeId` leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Brilliance Golden Link Secondary System up to 20250424, consider restricting access to the `/reprotframework/tcCustDeferPosiQuery.htm` file until a patch is available. As a temporary workaround, avoid using the `custTradeId` argument in the affected file to minimize the risk of sql injection exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Brilliance Golden Link Secondary System up to 20250424 **Description** A critical vulnerability was found in the Brilliance Golden Link Secondary System. The issue affects an unknown function of the file /sysframework/logSelect.htm. The manipulation of the `nodename` argument leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider restricting access to the `/sysframework/logSelect.htm` file until a patch is available. Avoid using the `nodename` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Keytop 路内停车收费系统 version 2.7.1 **Description** A critical issue has been identified, affecting an unknown functionality of the file /saas/commonApi/park/getParks of the component API. This leads to improper authentication. The issue can be exploited remotely. **Recommendations** For version 2.7.1, consider restricting access to the /saas/commonApi/park/getParks API endpoint to minimize the risk of exploitation. As a temporary workaround, review and strengthen authentication mechanisms until a patch is available.

**Name of the Vulnerable Software and Affected Versions** dayrui XunRuiCMS versions up to 4.6.3 **Description** A vulnerability was found in the component Friendly Links Handler of dayrui XunRuiCMS. The manipulation of the `Website Address` argument leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For dayrui XunRuiCMS versions up to 4.6.3, consider disabling the Friendly Links Handler component until a patch is available. Restrict access to the `Website Address` argument in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.