Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cnvdChina National Vulnerability DatabaseCNVD-2021-93913
HistoryAug 27, 2021 - 12:00 a.m.

DIAEnergie SQL Blind Injection Vulnerability (CNVD-2021-93913)

2021-08-2700:00:00
China National Vulnerability Database
www.cnvd.org.cn
12
diaenergie
sql injection
vulnerability
datahandler
remote attacker
arbitrary code
nt servicemssqlserver

EPSS

0.002

Percentile

64.7%

JSON

A SQL blind injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint in DIAEnergie 1.7.5 and earlier versions. The vulnerability stems from the application not properly validating the value provided by the user via the parameter agid before using the value as part of a SQL query. A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code in the context of NT SERVICEMSSQLSERVER.

Related

cvelist 1
prion 1
nvd 1
cve 1
ics 1
cvelist
cvelist
CVE-2021-38393
2021-08-30 17:31:10
prion
prion
Sql injection
2021-08-30 18:15:00
nvd
nvd
CVE-2021-38393
2021-08-30 18:15:09
cve
cve
CVE-2021-38393
2021-08-30 18:15:09
ics
ics
Delta Electronics DIAEnergie (Update C)
2022-08-02 12:00:00

EPSS

0.002

Percentile

64.7%

JSON
Related for CNVD-2021-93913
cvelist1prion1nvd1cve1ics1