QwikSec

Security Database

CVE

CWE

Training

CVE-2025-34059

Published: Jul 1, 2025

Modified: Nov 20, 2025

PUBLISHED

Description

An SQL injection vulnerability exists in the Dahua Smart Cloud Gateway Registration Management Platform via the username parameter in the /index.php/User/doLogin endpoint. The application fails to properly sanitize user input, allowing unauthenticated attackers to inject arbitrary SQL statements and potentially disclose sensitive information. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.

Vendor	Product	Versions
Zhejiang Dahua Technology Co., Ltd.	Smart Cloud Gateway Registration Management Platform	affected `0`

Weaknesses (CWE)

References

https://www.cnvd.org.cn/flaw/show/CNVD-2024-38747

third-party-advisory

https://www.cnblogs.com/LeouMaster/p/18509644

exploit

https://www.dahuatech.com/

product

https://pentest-tools.com/vulnerabilities-exploits/zhejiang-dahua-smart-cloud-gateway-registration-platform-sql-injection-cnvd-2024-38747_23762

third-party-advisory

https://vulncheck.com/advisories/dahua-smart-cloud-gateway-sql-injection

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.