Описание
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated SQL injection. A malicious user can send a specially crafted packet to exploit the vulnerability. Successful exploitation of this vulnerability can allow attackers to add users in the data base.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.69 (исключая)Версия до 1.69 (исключая)Версия до 1.68 (исключая)
Одно из
cpe:2.3:a:eaton:intelligent_power_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:eaton:intelligent_power_manager_virtual_appliance:*:*:*:*:*:*:*:*
cpe:2.3:a:eaton:intelligent_power_protector:*:*:*:*:*:*:*:*
EPSS
Процентиль: 29%
0.00103
Низкий
7.1 High
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-89
CWE-89
Связанные уязвимости
github
больше 3 лет назад
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated SQL injection. A malicious user can send a specially crafted packet to exploit the vulnerability. Successful exploitation of this vulnerability can allow attackers to add users in the data base.
EPSS
Процентиль: 29%
0.00103
Низкий
7.1 High
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-89
CWE-89