4 matches found
CVE-2021-21931
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at‘ statfilter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery...
CVE-2021-21931
CVE-2021-21931 affects Advantech R-SeeNet web interface. Multiple SQL injection paths exist in device_list.php (notably via stat_filter and related filters like host/prod/desc/etc.), allowing authenticated users (or CSRF-tied actions) to inject SQL through crafted HTTP requests. TALOS and related...
CVE-2021-21931
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at‘ statfilter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery...
Advantech R-SeeNet
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low attack complexity Vendor: Advantech Equipment: R-SeeNet Vulnerabilities: SQL Injection, Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow authenticated users to perform a local privilege...