Описание
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Ссылки
- MitigationThird Party AdvisoryUS Government Resource
- MitigationThird Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 1.8.02.004 (исключая)
cpe:2.3:a:deltaww:diaenergie:*:*:*:*:*:*:*:*
EPSS
Процентиль: 45%
0.00229
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-89
CWE-89
Связанные уязвимости
CVSS3: 9.8
github
почти 4 года назад
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
EPSS
Процентиль: 45%
0.00229
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-89
CWE-89