CVE-2021-22859

Опубликовано: 17 мар. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The users’ data querying function of EIC e-document system does not filter the special characters which resulted in remote attackers can inject SQL syntax and execute arbitrary commands without privilege.

Ссылки

https://gist.github.com/tonykuo76/807c838b75879b0d327782dfcd2c3bea
Third Party Advisory
https://www.chtsecurity.com/news/c974fd28-c19b-4003-82f3-818904057496
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-4517-51e25-1.html
Third Party Advisory
https://gist.github.com/tonykuo76/807c838b75879b0d327782dfcd2c3bea
Third Party Advisory
https://www.chtsecurity.com/news/c974fd28-c19b-4003-82f3-818904057496
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-4517-51e25-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eic:e-document_system:3.0.2:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.01696

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-x9wv-c8jw-pvg5

github

больше 3 лет назад