A blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint in DIAEnergie 1.7.5 and earlier versions. The vulnerability stems from the application not properly validating the value supplied by the user in the type parameter before using that value as part of an SQL query. A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER.
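For defenders reviewing proxy or WAF logs, the following added example (not part of the advisory and not vendor code) flags requests to this endpoint whose type value is not a plain token. It assumes the log source records the request target and, for POSTs, the URL-encoded form body, and that legitimate type values are short alphanumeric tokens; the record layout, function names and sample values are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoint path from the advisory, lower-cased for case-insensitive matching (IIS).
ENDPOINT = "/datahandler/am/am_handler.ashx"
# Assumption: legitimate `type` values are short alphanumeric tokens.
SAFE_TYPE = re.compile(r"[A-Za-z0-9_]{1,64}")


def suspicious_type_values(target, body=""):
    """Return decoded `type` values sent to the endpoint that are not plain tokens.

    target: request target (path plus optional query string)
    body:   URL-encoded form body, if the log source records it
    """
    parts = urlsplit(target)
    if parts.path.lower() != ENDPOINT:
        return []
    flagged = []
    for raw in (parts.query, body):
        for name, value in parse_qsl(raw):
            # ASP.NET resolves parameter names case-insensitively.
            if name.lower() == "type" and not SAFE_TYPE.fullmatch(value):
                flagged.append(value)
    return flagged


def scan(records):
    """records: iterable of (client_ip, method, target, body) tuples."""
    hits = []
    for ip, method, target, body in records:
        bad = suspicious_type_values(target, body)
        if bad:
            hits.append((ip, method, bad))
    return hits


# Constructed sample records (documentation IP ranges, hypothetical values).
SAMPLE = [
    ("192.0.2.10", "POST", "/DataHandler/AM/AM_Handler.ashx", "type=GetList&id=3"),
    ("198.51.100.7", "POST", "/DataHandler/AM/AM_Handler.ashx", "type=GetList%27&id=3"),
    ("198.51.100.7", "GET", "/datahandler/am/am_handler.ashx?type=a%3Bb", ""),
    ("192.0.2.10", "GET", "/index.aspx?type=a%27", ""),  # different path, ignored
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Because the flaw is reachable without authentication, hits from any source address are worth triage, and the token pattern should be tightened to the exact set of type values the deployment actually uses.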