Primary

Context

Das Parking Management System SQL Injection Vulnerability in Search API Endpoint

Vulnerability

A remote SQL injection vulnerability has been identified in Das Parking Management System version 6.2.0. The issue arises in the Search API Endpoint, where the 'Value' parameter can be manipulated to execute arbitrary SQL commands. This vulnerability does not require authentication to exploit.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a POST request to the '/ParkingRecord/Search' endpoint. Include a JSON payload that specifies the 'Value' parameter within the 'Filters' array. The injection can be performed by inserting malicious SQL code into the 'Value' parameter, which will be executed by the application's database.

Added: May 26, 2026, 4:45 PM

Updated: May 26, 2026, 4:45 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

9.6

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

9.6

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Das Parking Management System SQL Injection Vulnerability in Search API Endpoint

Vulnerability

Impact

Reproduction

Affected Products

Das Parking Management System

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating