3 matches found
Delta Electronics DIAEnergie SQL Injection (CVE-2021-32983)
An SQL injection exists in Delta Industrial Automation DIAEnergie. The vulnerability is due to input validation error when processing keyword parameter in HandlerCFG.ashx endpoint...
CVE-2021-32983
Delta Electronics DIAEnergie vulnerability CVE-2021-32983 is a Blind SQL Injection in the /DataHandler/Handler_CFG.ashx endpoint (versions prior to 1.9). The flaw arises from improper validation of the keyword parameter before building an SQL query, allowing remote, unauthenticated attackers to e...
Delta Electronics DIAEnergie (Update C)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DIAEnergie Vulnerabilities: Use of Password Hash with Insufficient Computational Effort, Authentication Bypass Using an Alternate Path or Channel, Unrestricted Upload of Fil...