A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field
References
Link | Resource |
---|---|
https://www.tenable.com/security/research/tra-2024-13 |
Configurations
No configuration.
History
06 May 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-05-06 14:15
Updated : 2024-05-06 16:00
NVD link : CVE-2024-4547
Mitre link : CVE-2024-4547
CVE.ORG link : CVE-2024-4547
JSON object : View
Products Affected
No product.
CWE
CWE-20
Improper Input Validation