Lucene search
+L

4 matches found

OSV
OSV
added 2021/12/22 7:15 p.m.5 views

CVE-2021-21916

An exploitable SQL injection vulnerability exist in the ‘grouplist’ page of the Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted HTTP request at 'descriptionfilter’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any...

8.8CVSS7.1AI score0.0138EPSS
Exploits1References1
CVE
CVE
added 2021/12/22 6:6 p.m.66 views

CVE-2021-21916

Advantech R-SeeNet 2.4.15 (and prior) contains SQL injection vulnerabilities on the group_list page, including the description_filter parameter. The TALOS advisory documents multiple SQLi flaws in group_list with authenticated user or CSRF-enabled attack paths, and provides concrete proof-of-conc...

8.8CVSS8.7AI score0.0138EPSS
Exploits1References1Affected Software1
ICS
ICS
added 2021/12/14 12:0 a.m.58 views

Advantech R-SeeNet

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low attack complexity Vendor: Advantech Equipment: R-SeeNet Vulnerabilities: SQL Injection, Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow authenticated users to perform a local privilege...

8.8CVSS8.3AI score0.20155EPSS
Exploits26References5
Check Point Advisories
Check Point Advisories
added 2014/05/26 12:0 a.m.162 views

SQL Servers Time-based SQL Injection (CVE-2011-4710; CVE-2019-13978; CVE-2019-16065; CVE-2019-16119; CVE-2019-16383; CVE-2019-16692; CVE-2020-15468; CVE-2020-26518; CVE-2020-29284; CVE-2021-21915; CVE-2021-21916; CVE-2021-21917; CVE-2022-23337; CVE-2022-25149)

SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...

9CVSS7.4AI score0.77956EPSS
Exploits33
Rows per page
Query Builder