CVE-2022-26666
Delta Electronics DIAEnergie (all versions before 1.9) contains a blind SQL injection in HandlerECC.ashx that lets an attacker inject arbitrary SQL, retrieve/modify data, and potentially execute system commands. The CVSS v3.1 base score is 9.8 (CRITICAL), with network access, no authentication, a...