Lucene search
China National Vulnerability DatabaseCNVD-2021-93914HistoryAug 27, 2021 - 12:00 a.m.
DIAEnergie SQL Blind Injection Vulnerability (CNVD-2021-93914)
2021-08-2700:00:00
China National Vulnerability Database
www.cnvd.org.cn
11
0.002 Low
EPSS
Percentile
61.4%
A SQL blind injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint in DIAEnergie 1.7.5 and earlier versions. The vulnerability stems from the application not properly validating the value provided by the user via parameter type before using the value as part of an SQL query. A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code in the context of NT SERVICEMSSQLSERVER.
| CPE | Name | Operator | Version |
|---|---|---|---|
| å°čžžįĩåäŧä¸įŽĄį(ä¸æĩˇ)æéå Ŧå¸ diaenergie | le | 1.7.5 |
Related
cve
cve
CVE-2021-38391
2021-08-30 18:15:09
nessus
nessus
Delta Electronics DIAEnergie Blind SQLi (CVE-2021-38391)
2022-06-06 00:00:00
cvelist
cvelist
CVE-2021-38391
2021-08-30 17:30:50
checkpoint_advisories
checkpoint_advisories
Delta Electronics DIAEnergie SQL Injection (CVE-2021-38391)
2021-12-29 00:00:00
prion
prion
Sql injection
2021-08-30 18:15:00
nvd
nvd
CVE-2021-38391
2021-08-30 18:15:09
ics
ics
Delta Electronics DIAEnergie (Update C)
2022-08-02 12:00:00