CVE-2022-3731 A vulnerability has been found in seccome Ehoney and classified as critical. The manipulation of the argument Payload leads to sql injection.
The vulnerability can be exploited via web requests and is detected by the rule SEH_SQL_INJECTION. A Proof of Concept (PoC) has been provided
CVE-2021-36206 CEVAS prior to version 1.01.46 could allow users to bypass authentication and retrieve data with specially crafted SQL queries.
This issue has been fixed in all versions of CEVAS.
Versions of CEVAS prior to 1.02.28 contain a SQL injection vulnerability.
These issues
CVE-2022-41773 - Deep Dive into DIAEnergie’s SQL Injection Vulnerability (Pre-v1.9.01.002)
In late 2022, cybersecurity professionals discovered a serious vulnerability—CVE-2022-41773—in the energy management platform DIAEnergie. Before patch v1.9.01.002, this product was
CVE-2022-40967 - How a SQL Injection in DIAEnergie (Before v1.9.01.002) Lets Low-Privileged Users Run Dangerous Queries
DIAEnergie is a popular energy management software made by Delta Electronics. In late 2022, security researchers discovered a critical vulnerability in some versions of DIAEnergie
CVE-2022-41133 DIAEnergie is vulnerable to a SQL injection in GetDIAE_line_message_settingsListParameters.
The update addresses this issue by adding the following protections: - Restricting the GetDIAE_line_message_settingsList parameters to the DIAEnergie vendor and DIAEnergie line
Episode
00:00:00
00:00:00