Lucene search
K

6 matches found

Rapid7 Blog
Rapid7 Blog
added 2024/08/23 3:8 p.m.21 views

Metasploit Weekly Wrap-Up 08/23/2024

New module content 3 Fortra FileCatalyst Workflow SQL Injection CVE-2024-5276 Authors: Michael Heinzl and Tenable Type: Auxiliary Pull request: 19373 contributed by h4x-x0r Path: admin/http/fortrafilecatalystworkflowsqli AttackerKB reference: CVE-2024-5276 Description: This adds an auxiliary modu...

9.8CVSS9AI score0.90067EPSS
Exploits10
0day.today
0day.today
added 2024/08/22 12:0 a.m.250 views

DIAEnergie 1.10 SQL Injection Exploit

This Metasploit module exploit a remote SQL injection vulnerability in the CBEC service of DIAEnergie versions 1.10 and below from Delta Electronics. The commands will get executed in the context of NT AUTHORITY\SYSTEM. class MetasploitModule 'DIAEnergie SQL Injection CVE-2024-4548', 'Description...

9.8CVSS8.2AI score0.29425EPSS
Exploits5
Circl
Circl
added 2024/08/21 2:3 p.m.10 views

CVE-2024-4548

creationtimestamp| type| source ---|---|--- 2024-08-21 14:03:13+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/scada/diaenergiesqli.rb 2025-02-06 03:13:46+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:11:04+00:00| seen|...

9.8CVSS9.2AI score0.29425EPSS
Exploits5References1
NVD
NVD
added 2024/05/06 2:15 p.m.35 views

CVE-2024-4548

An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field...

9.8CVSS9.6AI score0.29425EPSS
Exploits5References1
Vulnrichment
Vulnrichment
added 2024/05/06 1:51 p.m.26 views

CVE-2024-4548 Delta Electronics DIAEnergie SQL Injection

An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field...

9.8CVSS7.2AI score0.29425EPSS
Exploits5References1
CVE
CVE
added 2024/05/06 1:51 p.m.57 views

CVE-2024-4548

CVE-2024-4548 concerns a SQL injection in Delta Electronics DIAEnergie prior to and including v1.10.1.8610, triggered when CEBC.exe processes a RecalculateHDMWYC message split into four fields by the ~ separator; the attacker can inject via the fourth field. The vulnerability is unauthenticated a...

9.8CVSS7.1AI score0.29425EPSS
Exploits5References1Affected Software1
Rows per page
Query Builder