CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47487
https://notcve.org/view.php?id=CVE-2024-47487
18 Oct 2024 — There is a SQL injection vulnerability in some HikCentral Professional versions. This could allow an authenticated user to execute arbitrary SQL queries. Existe una vulnerabilidad de inyección SQL en algunas versiones profesionales de HikCentral. Esto podría permitir que un usuario autenticado ejecute consultas SQL arbitrarias. • https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikcentral-product-series •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25064
https://notcve.org/view.php?id=CVE-2024-25064
02 Mar 2024 — Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values. • https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikcentral-professional •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25063
https://notcve.org/view.php?id=CVE-2024-25063
02 Mar 2024 — Due to insufficient server-side validation, a successful exploit of this vulnerability could allow an attacker to gain access to certain URLs that the attacker should not have access to. • https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikcentral-professional •