3 matches found
CVE-2021-21937
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘hostaltfilter’ parameter. This can be done as any authenticated user or through cross-site request forgery...
CVE-2021-21937
CVE-2021-21937 affects Advantech R-SeeNet (industrial monitoring software) with multiple SQL injection flaws on the device_list page (notably in host_alt_filter and related filters). Root cause: improper neutralization of user-supplied data leading to SQL injection (CWE-89). Exploitation requires...
Advantech R-SeeNet
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low attack complexity Vendor: Advantech Equipment: R-SeeNet Vulnerabilities: SQL Injection, Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow authenticated users to perform a local privilege...