CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 3CVE-2023-3836 – Dahua Smart Park Management unrestricted upload
https://notcve.org/view.php?id=CVE-2023-3836
A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. This vulnerability affects unknown code of the file /emap/devicePoint_addImgIco?hasSubsystem=true. The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated remotely. • https://github.com/codeb0ss/CVE-2023-3836 https://github.com/zh-byte/CVE-2023-3836 https://github.com/qiuhuihk/cve/blob/main/upload.md https://vuldb.com/?ctiid.235162 https://vuldb.com/?id.235162 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3121 – Dahua Smart Parking Management image server-side request forgery
https://notcve.org/view.php?id=CVE-2023-3121
A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as problematic. This vulnerability affects unknown code of the file /ipms/imageConvert/image. The manipulation of the argument fileUrl leads to server-side request forgery. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230800. • https://github.com/RCEraser/cve/blob/main/DaHua..md https://vuldb.com/?ctiid.230800 https://vuldb.com/?id.230800 • CWE-918: Server-Side Request Forgery (SSRF) •