3 matches found
Improper Neutralization of Special Elements in Data Query Logic
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the checkUserPassword process. An attacker can execute arbitrary queries on the backend database by injecting specially crafted input into the password field of a Graph...
CVE-2021-41314
Certain NETGEAR smart switches are affected by a \n injection in the web UI's password field, which - due to several faulty aspects of the authentication scheme - allows the attacker to create or overwrite a file with specific content e.g., the "2" string. This leads to admin session crafting and...
CVE-2021-41314
CVE-2021-41314 affects several NETGEAR smart switches. The vulnerability is an injection in the web UI password field that, due to flawed authentication handling, allows an unauthenticated attacker to create or overwrite a file with specific content, enabling admin session crafting and full web U...