Lucene search
China National Vulnerability DatabaseCNVD-2021-93914HistoryAug 27, 2021 - 12:00 a.m.
DIAEnergie SQL Blind Injection Vulnerability (CNVD-2021-93914)
2021-08-2700:00:00
China National Vulnerability Database
www.cnvd.org.cn
13
diaenergie
sql
blind injection
vulnerability
datahandler
am
nt servicemssqlserver
remote
attacker
arbitrary code
EPSS
0.002
Percentile
64.7%
A SQL blind injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint in DIAEnergie 1.7.5 and earlier versions. The vulnerability stems from the application not properly validating the value provided by the user via parameter type before using the value as part of an SQL query. A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code in the context of NT SERVICEMSSQLSERVER.
Related
checkpoint_advisories
checkpoint_advisories
Delta Electronics DIAEnergie SQL Injection (CVE-2021-38391)
2021-12-29 00:00:00
prion
prion
Sql injection
2021-08-30 18:15:00
nvd
nvd
CVE-2021-38391
2021-08-30 18:15:09
nessus
nessus
Delta Electronics DIAEnergie Blind SQLi (CVE-2021-38391)
2022-06-06 00:00:00
cvelist
cvelist
CVE-2021-38391
2021-08-30 17:30:50
cve
cve
CVE-2021-38391
2021-08-30 18:15:09
ics
ics
Delta Electronics DIAEnergie (Update C)
2022-08-02 12:00:00