CVE-2024-7732

Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents...

CVE-2024-7731

Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents...

PT-2024-38540 · Secom · Dr.Id Access Control System

Name of the Vulnerable Software and Affected Versions: Dr.ID Access Control System from SECOM versions up to 3.6.2 Description: The issue allows unauthenticated remote attackers to inject SQL commands, enabling them to read, modify, and delete database contents due to improper validation of a...

SECOM Dr.ID Access Control System SQL注入漏洞

SECOM Dr.ID Access Control System is an access control system of China Zhongbao SECOM Corporation. A SQL injection vulnerability exists in SECOM Dr.ID Access Control System versions prior to 3.5.0.0.0.5, which stems from the presence of specific page parameters that are not properly validated,...

PT-2024-38539 · Secom · Dr.Id Access Control System

Name of the Vulnerable Software and Affected Versions: Dr.ID Access Control System from SECOM versions up to 3.6.2 Description: The issue allows unauthenticated remote attackers to inject SQL commands, enabling them to read, modify, and delete database contents due to improper validation of a...

Taiwan Secom Dr.ID Access control 信任管理问题漏洞

Taiwan Secom Dr.ID Access control is an access control system from Taiwan Secom Corporation in Taiwan, China. A security vulnerability exists in the Taiwan Secom Dr.ID Access control system due to a hard-coded credential in the source code of the login page. An unauthenticated remote attacker cou...

CVE-2021-35962

Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission...

CVE-2021-35961

Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and obtain the highest permission...

CVE-2021-35962

The CVE-2021-35962 entry concerns Dr. ID Door Access Control and Personnel Attendance Management system. The connected sources confirm a vulnerability in specific page parameters that do not filter special characters, enabling path traversal. Result: remote attackers can download credential files...

SQL Injection Vulnerability in Dr.ID Access Control and Time Attendance System of ZTE Security Co.

Dr.ID Access Control & Time Attendance System is a system of ZTE Security Co. Dr.ID Access Control & Attendance System of ZTE Security Co. Ltd. suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...