Threat Feed
high advisory

Das Parking Management System 停车场管理系统 SQL Injection Vulnerability (CVE-2026-9551)

A SQL injection vulnerability exists in Das Parking Management System 停车场管理系统 version 6.2.0 allowing a remote attacker to execute arbitrary SQL commands by manipulating the Value argument in the xp_cmdshell function of the ParkingRecord/ExportParkingRecords API endpoint.

The SQL injection vulnerability identified as CVE-2026-9551 affects Das Parking Management System 停车场管理系统 version 6.2.0. It resides in the xp_cmdshell function of the ParkingRecord/ExportParkingRecords file, part of the API Endpoint component. A remote attacker can exploit it by manipulating the Value argument to inject SQL commands. Publicly available exploit code exists, which increases the risk of exploitation. The vendor was notified but did not respond.

Attack Chain

  1. Attacker identifies the vulnerable API endpoint /ParkingRecord/ExportParkingRecords.
  2. Attacker crafts a malicious HTTP request targeting the API endpoint.
  3. The request includes a modified Value argument designed to inject SQL commands into the application’s database query.
  4. The application processes the request without proper sanitization of the Value argument.
  5. The injected SQL commands are executed against the database.
  6. The attacker retrieves sensitive data from the database or modifies existing data.
  7. The attacker uses xp_cmdshell to execute arbitrary operating system commands.

Impact

Successful exploitation of CVE-2026-9551 allows an attacker to execute arbitrary SQL commands on the affected system. This can lead to unauthorized access to sensitive data, modification of data, or complete system compromise through operating system command execution via xp_cmdshell. The absence of vendor response exacerbates the risk, potentially leading to widespread exploitation if left unpatched.

Recommendation

  • Deploy the Sigma rule Detect CVE-2026-9551 Exploitation Attempt via SQL Injection to identify exploitation attempts (see below).
  • Monitor web server logs for suspicious requests to /ParkingRecord/ExportParkingRecords containing SQL injection payloads (see Sigma rule and webserver logs).
  • Apply input validation and sanitization to the Value argument in the ParkingRecord/ExportParkingRecords API endpoint.
  • Disable or restrict the use of xp_cmdshell if not required to prevent command execution.

Detection coverage (2 rules)

Detect CVE-2026-9551 Exploitation Attempt via SQL Injection

high

Detects CVE-2026-9551 exploitation attempt via SQL injection in ParkingRecord/ExportParkingRecords endpoint

Format: Sigma | Tactics: initial_access | Techniques: T1190, T1505.003 | Sources: webserver

Detect xp_cmdshell Usage in Web Requests

medium

Detects the usage of xp_cmdshell in web requests, potentially indicating SQL injection leading to command execution.

Format: Sigma | Tactics: execution | Techniques: T1059.004 | Sources: webserver
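As an added example (not code from the advisory, the platform or the vendor), the logic of the two rules above expressed as a small Python scanner run over constructed web server access-log lines. The endpoint path and the Value argument come from the advisory; the log lines, the SQL injection indicator list and the rule-to-severity mapping are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample access-log lines (combined log format); not from any real deployment.
SAMPLE_LOGS = [
    '203.0.113.5 - - [01/May/2026:10:00:01 +0000] "GET /ParkingRecord/ExportParkingRecords?Value=2026-04 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/May/2026:10:00:02 +0000] "GET /ParkingRecord/ExportParkingRecords?Value=1%27%3BEXEC+xp_cmdshell-- HTTP/1.1" 500 312',
    '203.0.113.8 - - [01/May/2026:10:00:03 +0000] "GET /ParkingRecord/ExportParkingRecords?Value=1%2527%2520OR%25201%253D1 HTTP/1.1" 200 64',
    '203.0.113.9 - - [01/May/2026:10:00:04 +0000] "POST /Report/Run?q=xp_cmdshell HTTP/1.1" 200 100',
]

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
TARGET_PATH = "/parkingrecord/exportparkingrecords"   # endpoint named in the advisory
# Assumed SQL injection indicators for the Value argument: quote, terminator, comment or keyword.
SQLI_RE = re.compile(r"'|;|--|/\*|\b(union|select|exec|execute|xp_cmdshell|waitfor)\b", re.I)

def fully_decode(value: str, rounds: int = 3) -> str:
    """Undo nested URL encoding so a double-encoded payload is not missed."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def match_line(line: str):
    """Return (rule_name, client_ip) for a suspicious request, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # unparseable line: skip rather than crash the scan
    parts = urlsplit(m.group("target"))
    params = parse_qs(parts.query, keep_blank_values=True)  # decodes one layer itself
    values = [fully_decode(v) for v in params.get("Value", [])]
    # Rule 1 (high): the vulnerable endpoint with an injection indicator in Value.
    if parts.path.lower().endswith(TARGET_PATH) and any(SQLI_RE.search(v) for v in values):
        return ("Detect CVE-2026-9551 Exploitation Attempt via SQL Injection", m.group("ip"))
    # Rule 2 (medium): xp_cmdshell anywhere in the request target.
    if "xp_cmdshell" in fully_decode(m.group("target")).lower():
        return ("Detect xp_cmdshell Usage in Web Requests", m.group("ip"))
    return None

def scan(lines):
    """Run both rules over an iterable of log lines and return the hits in order."""
    return [hit for hit in (match_line(l) for l in lines) if hit]

if __name__ == "__main__":
    for rule, ip in scan(SAMPLE_LOGS):
        print(f"{ip}: {rule}")
```

The indicator list fires on any single quote, so tune it to the format the Value argument legitimately takes in your deployment before alerting on it.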

Detection queries are available on the platform.