CVE-2025-34059

Dahua Smart Cloud Gateway Registration Management Platform SQL Injection

Description

An SQL injection vulnerability exists in the Dahua Smart Cloud Gateway Registration Management Platform via the username parameter in the /index.php/User/doLogin endpoint. The application fails to properly sanitize user input, allowing unauthenticated attackers to inject arbitrary SQL statements and potentially disclose sensitive information. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.

INFO

Published Date :

2025-07-01T14:48:51.722Z

Last Modified :

2025-11-20T18:34:32.177Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2025-34059 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-34059.

URL	Resource
https://pentest-tools.com/vulnerabilities-exploits/zhejiang-dahua-smart-cloud-gateway-registration-platform-sql-injection-cnvd-2024-38747_23762
https://vulncheck.com/advisories/dahua-smart-cloud-gateway-sql-injection
https://www.cnblogs.com/LeouMaster/p/18509644
https://www.cnvd.org.cn/flaw/show/CNVD-2024-38747
https://www.dahuatech.com/

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability