exploitDog

CVE-2024-4547

Опубликовано: 06 мая 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field

Ссылки

https://www.tenable.com/security/research/tra-2024-13
Exploit
Third Party Advisory
https://www.tenable.com/security/research/tra-2024-13
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:deltaww:diaenergie:*:*:*:*:*:*:*:*

Версия до 1.10.01.004 (исключая)

EPSS

Процентиль: 82%

0.01655

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-20

CWE-89

Связанные уязвимости

GHSA-px8g-4wj9-x4p3

CVSS3: 9.8

github

почти 2 года назад

A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field

EPSS

Процентиль: 82%

0.01655

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-20

CWE-89