MEDIUM
Das
CVE published 2026-05-26
CVE-2026-9551
A SQL injection vulnerability exists in Das Parking Management System (停车场管理系统) version 6.2.0, specifically within the xp_cmdshell function of the ParkingRecord/ExportParkingRecords API endpoint. The vulnerability allows remote attackers to manipulate the 'Value' parameter to inject arbitrary SQL commands. The CVSS 4.0 vector indicates network attack vector with low complexity, no required privileges or u [truncated]