2 matches found
CVE-2023-3836
CVE-2023-3836 affects Dahua Smart Park Management prior to 20230713. Multiple connected sources confirm an unrestricted/unauthorized file upload vulnerability in the endpoint /emap/devicePoint_addImgIco?hasSubsystem=true, enabling remote file upload and potentially remote code execution or full s...
CVE-2023-3121
Dahua Smart Parking Management (versions up to 20230528) contains a server-side request forgery (SSRF) in the /ipms/imageConvert/image endpoint triggered by manipulating the fileUrl parameter. The vulnerability affects an unknown code path in that file and exploitation has been publicly disclosed...