29 matches found
CVE-2026-3966
A vulnerability was detected in 648540858 wvp-GB28181-pro up to 2.7.4-20260107. Affected by this vulnerability is the function getDownloadFilePath of the file /src/main/java/com/genersoft/iot/vmp/media/abl/ABLMediaNodeServerService.java of the component IP Address Handler. The manipulation of the...
CVE-2026-4597
A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the function selectAll of the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyProvider.java of the component Stream Proxy Query Handler. The manipulation results in sql injection...
EUVD-2026-16145
A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. This affects the function GenericFastJsonRedisSerializer of the file src/main/java/com/genersoft/iot/vmp/conf/redis/RedisTemplateConfig.java of the component API Endpoint. The manipulation results in deserialization. It...
CVE-2026-4860 648540858 wvp-GB28181-pro API Endpoint RedisTemplateConfig.java GenericFastJsonRedisSerializer deserialization
A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. This affects the function GenericFastJsonRedisSerializer of the file src/main/java/com/genersoft/iot/vmp/conf/redis/RedisTemplateConfig.java of the component API Endpoint. The manipulation results in deserialization. It...
CVE-2026-4860
The CVE-2026-4860 entry concerns 648540858 wvp-GB28181-pro up to version 2.7.4. It affects the API Endpoint component, specifically the function GenericFastJsonRedisSerializer in src/main/java/com/genersoft/iot/vmp/conf/redis/RedisTemplateConfig.java. The issue enables deserialization, with remot...
PT-2026-28653
Name of the Vulnerable Software and Affected Versions 648540858 wvp-GB28181-pro versions up to 2.7.4 Description A security flaw exists in the 648540858 wvp-GB28181-pro software. The issue is related to deserialization within the GenericFastJsonRedisSerializer function located in the file...
wvp-GB28181-pro 代码问题漏洞
WVP-GB28181-Pro is a video monitoring platform developed by individual developer 648540858. Versions of WVP-GB28181-Pro 2.7.4 and earlier have code vulnerabilities. These vulnerabilities stem from a deserialization issue in the function GenericFastJsonRedisSerializer within the component API...
CVE-2026-4597
A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the function selectAll of the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyProvider.java of the component Stream Proxy Query Handler. The manipulation results in sql injection...
CVE-2026-4597 648540858 wvp-GB28181-pro Stream Proxy Query StreamProxyProvider.java selectAll sql injection
A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the function selectAll of the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyProvider.java of the component Stream Proxy Query Handler. The manipulation results in sql injection...
CVE-2026-4597
CVE-2026-4597 affects the 648540858 wvp-GB28181-pro product up to version 2.7.4. The vulnerability is in the function selectAll within the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyProvider.java of the Stream Proxy Query Handler . The issue results in an SQL inj...
wvp-GB28181-pro SQL注入漏洞
WVP-GB28181-pro is a video monitoring platform developed by individual developer 648540858. Versions of WVP-GB28181-pro 2.7.4 and earlier have a SQL injection vulnerability. This vulnerability stems from a SQL injection vulnerability in the selectAll function within the Stream Proxy Query Handler...
EUVD-2026-11491
A vulnerability was detected in 648540858 wvp-GB28181-pro up to 2.7.4-20260107. Affected by this vulnerability is the function getDownloadFilePath of the file /src/main/java/com/genersoft/iot/vmp/media/abl/ABLMediaNodeServerService.java of the component IP Address Handler. The manipulation of the...
CVE-2026-3966
A vulnerability was detected in 648540858 wvp-GB28181-pro up to 2.7.4-20260107. Affected by this vulnerability is the function getDownloadFilePath of the file /src/main/java/com/genersoft/iot/vmp/media/abl/ABLMediaNodeServerService.java of the component IP Address Handler. The manipulation of the...
CVE-2026-3966 648540858 wvp-GB28181-pro IP Address ABLMediaNodeServerService.java getDownloadFilePath server-side request forgery
A vulnerability was detected in 648540858 wvp-GB28181-pro up to 2.7.4-20260107. Affected by this vulnerability is the function getDownloadFilePath of the file /src/main/java/com/genersoft/iot/vmp/media/abl/ABLMediaNodeServerService.java of the component IP Address Handler. The manipulation of the...
CVE-2026-3966 648540858 wvp-GB28181-pro IP Address ABLMediaNodeServerService.java getDownloadFilePath server-side request forgery
A vulnerability was detected in 648540858 wvp-GB28181-pro up to 2.7.4-20260107. Affected by this vulnerability is the function getDownloadFilePath of the file /src/main/java/com/genersoft/iot/vmp/media/abl/ABLMediaNodeServerService.java of the component IP Address Handler. The manipulation of the...
CVE-2026-3966
CVE-2026-3966 affects the 648540858 wvp-GB28181-pro package up to version 2.7.4-20260107. The issue lies in the getDownloadFilePath function of ABLMediaNodeServerService.java under the IP Address Handler; manipulating the MediaServer.streamIp argument triggers server-side request forgery (SSRF). ...
PT-2026-24897
A vulnerability was detected in 648540858 wvp-GB28181-pro up to 2.7.4-20260107. Affected by this vulnerability is the function getDownloadFilePath of the file /src/main/java/com/genersoft/iot/vmp/media/abl/ABLMediaNodeServerService.java of the component IP Address Handler. The manipulation of the...
CVE-2024-36523
An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the application after deleting their own or administrator accounts. This is provided that the users do not log out of their deleted accounts...
CVE-2024-37665
An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges to Administrator via a crafted POST request...
CVE-2024-36523
An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the application after deleting their own or administrator accounts. This is provided that the users do not log out of their deleted accounts...