13 results (0.003 seconds)

CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0

27 Apr 2025 — There is a code-related vulnerability in the GoldenDB database product. Attackers can access system tables to disrupt the normal operation of business SQL. • https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4828497866583347285 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0

27 Apr 2025 — There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed. • https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1036467615091601474 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

27 Apr 2025 — There are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information. • https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4693390139849392210 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

27 Apr 2025 — There is a SQL injection vulnerability in the GoldenDB database product. Attackers can inject commands to extract database information. • https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1036467615091601469 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

27 Apr 2025 — There is a Permission Management and Access Control vulnerability in the GoldenDB database product. Attackers can manipulate requests to bypass privilege restrictions and delete content. • https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1036467615091601464 • CWE-269: Improper Privilege Management •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

27 Apr 2025 — There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information. • https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4693390139849392205 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

27 Apr 2025 — There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information. • https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4693390139849392200 • CWE-20: Improper Input Validation •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

11 Mar 2025 — Improper Input Validation vulnerability in ZTE GoldenDB allows Input Data Manipulation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.04. • https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1820079027271819342 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

11 Mar 2025 — Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.04. • https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/5666152569221570627 • CWE-269: Improper Privilege Management •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

11 Mar 2025 — Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.05. • https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/6999218053484646494 • CWE-269: Improper Privilege Management •