648540858 wvp-GB28181-pro SQL Injection Vulnerability in Stream Proxy Query Component

Vulnerability

A critical SQL injection vulnerability has been identified in 648540858 wvp-GB28181-pro versions through 2.7.4. The issue resides in the Stream Proxy Query Handler, specifically within the selectAll function of StreamProxyProvider.java. The vulnerability allows authenticated attackers to execute arbitrary SQL commands by exploiting the /api/proxy/list endpoint, where user input is improperly sanitized before being included in SQL statements. This flaw could lead to unauthorized access to sensitive database information.
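The class of flaw described above, as an added illustration that is not code from wvp-GB28181-pro: a SQL provider method that concatenates a request value into the statement text, beside one that emits a bound placeholder. It assumes a MyBatis-style provider (the `#{...}` placeholder syntax); the class, table, column and parameter names are hypothetical.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration. Class, table, column and parameter names are hypothetical
// and are not taken from wvp-GB28181-pro.
public class ProviderQueryExample {
    static final String BASE = "SELECT id, app, stream FROM example_stream_proxy WHERE 1=1";

    // Unsafe: the request value becomes part of the SQL text itself.
    static String selectAllConcatenated(Map<String, Object> params) {
        StringBuilder sql = new StringBuilder(BASE);
        if (params.get("query") != null) {
            sql.append(" AND app LIKE '%").append(params.get("query")).append("%'");
        }
        return sql.toString();
    }

    // Hardened: the SQL text is constant; #{likeQuery} is bound by MyBatis as a
    // PreparedStatement parameter, so the value never reaches the SQL parser.
    static String selectAllBound(Map<String, Object> params) {
        StringBuilder sql = new StringBuilder(BASE);
        if (params.get("likeQuery") != null) {
            sql.append(" AND app LIKE #{likeQuery} ESCAPE '!'");
        }
        return sql.toString();
    }

    // Escape LIKE metacharacters so the bound value matches literally.
    static String toLikePattern(String raw) {
        String escaped = raw.replace("!", "!!").replace("%", "!%").replace("_", "!_");
        return "%" + escaped + "%";
    }

    public static void main(String[] args) {
        String input = "front'door_50%"; // constructed sample value containing a quote
        Map<String, Object> params = new HashMap<>();
        params.put("query", input);
        params.put("likeQuery", toLikePattern(input));

        // The quote ends the string literal early: the statement's syntax now depends on the input.
        System.out.println(selectAllConcatenated(params));
        // The statement is identical for every input; only the bound value changes.
        System.out.println(selectAllBound(params));
        System.out.println("bound value: " + params.get("likeQuery"));
    }
}
```

When reviewing provider classes for this pattern, look for request values appended to the statement through string concatenation, `String.format`, or MyBatis `${...}` substitution.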

Impact

Exploitation of this vulnerability allows for arbitrary SQL command execution, potentially leading to unauthorized data access or manipulation within the database.

Added: Mar 23, 2026, 9:31 PM
Updated: Mar 23, 2026, 9:31 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.1
exploitability: 6.6
remediation: 0.0
relevance: 4.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.