2 matches found
CVE-2023-37196
Schneider Electric StruxureWare Data Center Expert (DCE) pre‑7.9.3 is affected by a CWE-89 SQL Injection due to improper neutralization of special elements. An authenticated DCE user could access, modify, or delete content and tamper with endpoint alert settings. The CVE notes high impact (C/H/I/...
CVE-2023-37196
A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command 'SQL Injection' vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the...