CVE-2024-47487

Name of the Vulnerable Software and Affected Versions: HikCentral Professional versions prior to 2.6.0

Description: The issue is related to a SQL injection vulnerability. This could allow an authenticated user to execute arbitrary SQL queries. The vulnerability is remotely exploitable.

Recommendations: For versions prior to 2.6.0, update to version 2.6.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the SQL query functionality until a patch is available. Avoid using user-input data in SQL queries to minimize the risk of exploitation.