CVE-2023-7309 – Dahua Smart Park Integrated Management Platform SOAP Path Traversal Remote Code Execution Vulnerability

August 27, 2025

CVE ID : CVE-2023-7309

Published : Aug. 27, 2025, 10:15 p.m. | 3 hours, 34 minutes ago

Description : A path traversal vulnerability exists in the Dahua Smart Park Integrated Management Platform (also referred to as the Dahua Smart Campus Integrated Management Platform), affecting the SOAP-based GIS bitmap upload interface. The flaw allows unauthenticated remote attackers to upload arbitrary files to the server via crafted SOAP requests, including executable JSP payloads. Successful exploitation may lead to remote code execution (RCE) and full compromise of the affected system. The vulnerability is presumed to affect builds released prior to September 2023 and is said to be remediated in newer versions of the product, though the exact affected range remains undefined.

Severity: 10.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-13982 – SPON IP Network Broadcast System Arbitrary File Read Vulnerability

Next Article CVE-2023-7307 – Sangfor Behavior Management System XXE Injection Vulnerability

Designing For TV: The Evergreen Pattern That Shapes TV Experiences

Amplitude launches new self-service capabilities for marketing initiatives

Microsoft packs Visual Studio August update with smarter AI features

Optimizing PWAs For Different Display Modes

Why this $25 ratchet tool beats any multitool or Swiss Army Knife I’ve ever tested

One of my favorite sports watches from 2024 just got upgrades in all the right places

Google’s AI Mode is getting more links for you not to click on

I still prefer Apple Watch over Oura Ring for 3 key reasons – but there is one big drawback

Heartbeat Collection Method in Laravel 12.26; Wayfinder Now in React and Vue Starter Kits

Heartbeat Collection Method in Laravel 12.26; Wayfinder Now in React and Vue Starter Kits

spatie/laravel-rdap

mvanduijker/laravel-mercure-broadcaster

Geekom’s A9 Max mini PC is so good that I want to turn off my desktop gaming rig — and it’s not bad at AI, either

Geekom’s A9 Max mini PC is so good that I want to turn off my desktop gaming rig — and it’s not bad at AI, either

‘There Are No Ghosts At The Grand’ looks glorious — I’m more excited than ever for this upcoming Xbox Game Pass release

Epic Games CEO Tim Sweeney says Unreal Engine 5’s performance problems aren’t about the engine — they’re about when developers choose to optimize

CVE-2023-7309 – Dahua Smart Park Integrated Management Platform SOAP Path Traversal Remote Code Execution Vulnerability

First known AI-powered ransomware uncovered by ESET Research

Blind Eagle’s Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infra

Laracon US 2025 Livestream

CVE-2025-5728 – SourceCodester Open Source Clinic Management System Unrestricted File Upload Vulnerability

Visual Studio Gets Better Controls for Copilot Code Suggestions

CVE-2025-2518 – IBM Db2 Denial of Service Vulnerability

Now GTA 6 has been delayed into 2026, what’s your most hyped game for the rest of 2025? — Weekend Discussion 💬

Building a GPU-Accelerated Ollama LangChain Workflow with RAG Agents, Multi-Session Chat Performance Monitoring

I love Elden Ring Nightreign’s weirdest boss — he bargains with you, heals you, and throws tantrums if you ruin his meditation

Scalable Reinforcement Learning with Verifiable Rewards: Generative Reward Modeling for Unstructured, Multi-Domain Tasks

CVE-2023-7309 – Dahua Smart Park Integrated Management Platform SOAP Path Traversal Remote Code Execution Vulnerability

Related Posts