2 matches found
Sql injection
The affected product DIAEnergie versions prior to v1.9.01.002 is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries...
CVE-2022-41133 Delta Electronics DIAEnergie
The affected product DIAEnergie versions prior to v1.9.01.002 is vulnerable to a SQL injection that exists in GetDIAElinemessagesettingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries...