CVE-2024-47487: 
Hikvision HikCentral Professional vulnerability analysis and mitigation

A SQL injection vulnerability (CVE-2024-47487) was discovered in HikCentral Professional versions between V2.0.0 and V2.6.0. The vulnerability allows authenticated users to execute arbitrary SQL queries in the system (NVD, Hikvision Advisory).

The vulnerability has been assigned a CVSS v4.0 base score of 7.2 HIGH (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L) and CVSS v3.1 base score of 8.8 HIGH (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The vulnerability is classified as CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (NVD).

If successfully exploited, this vulnerability could allow an authenticated attacker to execute arbitrary SQL queries, potentially leading to unauthorized access to sensitive data, modification of database contents, and compromise of system integrity (Security Online).

Hikvision has addressed this vulnerability by releasing HikCentral Professional version V2.6.1. Users are strongly recommended to upgrade to the fixed version by contacting their local technical support team (Hikvision Advisory).