The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API.
8.7CVSS
5.2AI Score
0.001EPSS
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.
8.8CVSS
8.8AI Score
0.001EPSS
SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
8.8CVSS
9AI Score
0.001EPSS
SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
8.8CVSS
9AI Score
0.001EPSS
SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
8.8CVSS
9AI Score
0.001EPSS
SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
8.8CVSS
9AI Score
0.001EPSS
SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
8.8CVSS
9AI Score
0.001EPSS
The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.
9.8CVSS
9.8AI Score
0.002EPSS
The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.
9.8CVSS
9.8AI Score
0.002EPSS
The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality.
8.8CVSS
8.4AI Score
0.001EPSS
Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.
8.8CVSS
6.7AI Score
0.001EPSS