6 matches found
Metasploit Weekly Wrap-Up 08/23/2024
New module content 3 Fortra FileCatalyst Workflow SQL Injection CVE-2024-5276 Authors: Michael Heinzl and Tenable Type: Auxiliary Pull request: 19373 contributed by h4x-x0r Path: admin/http/fortrafilecatalystworkflowsqli AttackerKB reference: CVE-2024-5276 Description: This adds an auxiliary modu...
DIAEnergie 1.10 SQL Injection Exploit
This Metasploit module exploit a remote SQL injection vulnerability in the CBEC service of DIAEnergie versions 1.10 and below from Delta Electronics. The commands will get executed in the context of NT AUTHORITY\SYSTEM. class MetasploitModule 'DIAEnergie SQL Injection CVE-2024-4548', 'Description...
CVE-2024-4548
creationtimestamp| type| source ---|---|--- 2024-08-21 14:03:13+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/scada/diaenergiesqli.rb 2025-02-06 03:13:46+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:11:04+00:00| seen|...
CVE-2024-4548
An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field...
CVE-2024-4548 Delta Electronics DIAEnergie SQL Injection
An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field...
CVE-2024-4548
CVE-2024-4548 concerns a SQL injection in Delta Electronics DIAEnergie prior to and including v1.10.1.8610, triggered when CEBC.exe processes a RecalculateHDMWYC message split into four fields by the ~ separator; the attacker can inject via the fourth field. The vulnerability is unauthenticated a...