16 matches found

Nuclei
added 2 days ago · 307 views

Hikvision IP ping.php - Command Execution

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection...

9.8 CVSS · 6.5 AI score · 0.93242 EPSS
Exploits: 2 · References: 5
Vulnrichment
added 2024/04/16 12:0 a.m. · 12 views

CVE-2024-31680

File Upload vulnerability in Shibang Communications Co., Ltd. IP network intercom broadcasting system v.1.0 allows a local attacker to execute arbitrary code via the my_parser.php component...

8.7 AI score · 0.00119 EPSS
Exploits: 0 · References: 1
CVE
added 2024/04/16 12:0 a.m. · 51 views

CVE-2024-31680

CVE-2024-31680 affects Shibang Communications Co., Ltd. IP network intercom broadcasting system version 1.0. The vulnerability is a file upload flaw in the my_parser.php component, enabling a local attacker to execute arbitrary code. The available documents consistently describe this risk as a lo...

8.8 CVSS · 7.5 AI score · 0.00119 EPSS
Exploits: 0 · References: 1
Cvelist
added 2024/04/02 11:31 p.m. · 10 views

CVE-2024-3218 Shibang Communications IP Network Intercom Broadcasting System busyscreenshotpush.php path traversal

A vulnerability classified as critical has been found in Shibang Communications IP Network Intercom Broadcasting System 1.0. This affects an unknown part of the file /php/busyscreenshotpush.php. The manipulation of the argument jsondata[callee]/jsondata[imagename] leads to path traversal: '../filedir...

5.5 CVSS · 5.9 AI score · 0.00092 EPSS
Exploits: 0 · References: 4
CVE
added 2024/04/02 11:31 p.m. · 43 views

CVE-2024-3218

The CVE-2024-3218 entry affects Shibang Communications IP Network Intercom Broadcasting System v1.0, specifically the /php/busyscreenshotpush.php endpoint. The vulnerability arises from path traversal via manipulation of jsondata[callee]/jsondata[imagename] to escalate outside the intended direct...

5.5 CVSS · 5.6 AI score · 0.00092 EPSS
Exploits: 0 · References: 4
NVD
added 2023/12/17 8:15 a.m. · 8 views

CVE-2023-6894

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been classified as problematic. This affects an unknown part of the file access/html/system.html of the component Log File Handler. The manipulation leads to information disclosure. The exploit has...

6.5 CVSS · 0.00097 EPSS
Exploits: 1 · References: 3
Prion
added 2023/12/17 8:15 a.m. · 14 views

Command injection

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection...

5.8 CVSS · 8 AI score · 0.93242 EPSS
Exploits: 2 · References: 3 · Affected Software: 1
Vulnrichment
added 2023/12/17 8:0 a.m. · 15 views

CVE-2023-6895 Hikvision Intercom Broadcasting System ping.php os command injection

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection...

6.3 CVSS · 7.6 AI score · 0.93242 EPSS
Exploits: 2 · References: 3
CVE
added 2023/12/17 8:0 a.m. · 82 views

CVE-2023-6895

Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) contains an OS command injection in /php/ping.php via jsondata[ip], where the attacker-provided input (e.g., netstat -ano) can execute commands. Public exploit details exist; upgrading to version 4.1.0 addresses the issue.

9.8 CVSS · 7.5 AI score · 0.93242 EPSS
In wild · Exploits: 2 · References: 3 · Affected Software: 1
Cvelist
added 2023/12/17 8:0 a.m. · 23 views

CVE-2023-6895 Hikvision Intercom Broadcasting System ping.php os command injection

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection...

6.3 CVSS · 10 AI score · 0.93242 EPSS
Exploits: 2 · References: 3
Cvelist
added 2023/12/17 7:31 a.m. · 20 views

CVE-2023-6894 Hikvision Intercom Broadcasting System Log File system.html information disclosure

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been classified as problematic. This affects an unknown part of the file access/html/system.html of the component Log File Handler. The manipulation leads to information disclosure. The exploit has...

4.3 CVSS · 6.5 AI score · 0.00097 EPSS
Exploits: 1 · References: 3
CVE
added 2023/12/17 7:31 a.m. · 67 views

CVE-2023-6894

The CVE-2023-6894 entry concerns Hikvision Intercom Broadcasting System 3.0.3_20201113 RELEASE (HIK) with a vulnerability in the Log File Handler’s file system.html (access/html/system.html). The exploit enables information disclosure through manipulation of that component. Multiple sources confirm...

6.5 CVSS · 5.2 AI score · 0.00097 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
Prion
added 2023/12/17 7:15 a.m. · 15 views

Path traversal

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as problematic. Affected by this issue is some unknown functionality of the file /php/exportrecord.php. The manipulation of the argument downname with the input...

3.3 CVSS · 7.1 AI score · 0.88406 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
CVE
added 2023/12/17 6:31 a.m. · 29 views

CVE-2023-6893

Hikvision Intercom Broadcasting System 3.0.3 has a path traversal flaw in /php/exportrecord.php via the downname parameter (input like C:\ICPAS\Wnmp\WWW\php\conversion.php). The vulnerability is publicly disclosed; impact is path traversal. Upgrading to version 4.1.0 mitigates the issue. Some con...

7.5 CVSS · 5.9 AI score · 0.88406 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
Cvelist
added 2023/12/17 6:31 a.m. · 14 views

CVE-2023-6893 Hikvision Intercom Broadcasting System exportrecord.php path traversal

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as problematic. Affected by this issue is some unknown functionality of the file /php/exportrecord.php. The manipulation of the argument downname with the input...

4.3 CVSS · 7.7 AI score · 0.88406 EPSS
Exploits: 1 · References: 3
Positive Technologies
added 2023/12/17 12:0 a.m. · 3 views

PT-2023-32804 · Hikvision · Hikvision Intercom Broadcasting System

Name of the Vulnerable Software and Affected Versions: Hikvision Intercom Broadcasting System version 3.0.3 20201113 RELEASEHIK
Description: A vulnerability was found in the Log File Handler component, affecting an unknown part of the file access/html/system.html. The manipulation leads to...

6.5 CVSS · 4.7 AI score · 0.00097 EPSS
Exploits: 1 · References: 7