3 matches found
KevinLAB BEMS 1.0 - SQL Injection
KevinLAB BEMS 1.0 contains a SQL injection vulnerability. Input passed through inputid POST parameter in /http/index.php is not properly sanitized before being returned to the user or used in SQL queries. An attacker can possibly obtain sensitive information from a database, modify data, and...
CVE-2021-37291
creationtimestamp| type| source ---|---|--- 2022-04-11 22:16:13+00:00| seen| https://t.me/cibsecurity/40497 2025-01-02 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-01-02 2025-01-13 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-01-13...
CVE-2021-37291
CVE-2021-37291 : KevinLAB BEMS 1.0.0 is affected by an SQL injection in the input_id POST parameter (in /http/index.php). The vulnerability arises from unsanitized input used in SQL queries, enabling unauthenticated attackers to read/modify data and potentially perform admin actions. The NUCLEI t...