CVE-2021-22856

February 18, 2021

The CGE property management system contains SQL Injection vulnerabilities. Remote attackers can inject SQL commands into the parameters in Cookie and obtain data in the database without privilege.

Summary:

The CGE property management system contains SQL Injection vulnerabilities. Remote attackers can inject SQL commands into the parameters in Cookie and obtain data in the database without privilege.

Reference Links(if available):

  • https://www.twcert.org.tw/tw/cp-132-4394-76d41-1.html

  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    image

    CACTUS Ransomware Victim: https://www[.]xdconnects[.]com/

    April 19, 2024
    iStock 154974489

    Cyber Assessment Framework 3.2

    April 19, 2024
    hkcert

    Palo Alto Products Remote Code Execution Vulnerability

    April 19, 2024
    HIBP Banner 1

    Le Slip Français – 1,495,127 breached accounts

    April 19, 2024
    CISA Logo

    CISA: Juniper Releases Security Bulletin for Multiple Juniper Products

    April 19, 2024