PT-2025-31470 · Kehua · Kehua Charging Pile Cloud Platform
Qiantx
·
Published
2025-07-31
·
Updated
2025-09-12
·
CVE-2025-8347
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Kehua Charging Pile Cloud Platform version 1.0
Description
A critical vulnerability exists in Kehua Charging Pile Cloud Platform 1.0. The issue involves a SQL injection affecting an unknown part of the
/sys/task/findAllTask file. This allows for remote exploitation. The exploit has been publicly disclosed. The vendor was contacted regarding this disclosure but did not respond.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Special Elements Injection
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Kehua Charging Pile Cloud Platform