Baison Channel Middleware SQL Injection Vulnerability in Product 2.0.1

Vulnerability

A critical SQL injection vulnerability has been identified in Baison Channel Middleware Product version 2.0.1. The issue arises in the file '/e3api/api/main/ToJsonByControlName', where the 'data' argument can be manipulated to execute arbitrary SQL commands. This vulnerability can be exploited remotely, allowing attackers to retrieve database information using various injection techniques, such as boolean-based, time-based, and union-based injections.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can execute malicious SQL queries that could manipulate the database or retrieve sensitive information.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Baison Channel Middleware SQL Injection Vulnerability in Product 2.0.1

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating