CVE-2021-21915

HIGH Year: 2021
CVSS v3 Score
7.7
High
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-89
View all →

Vulnerability Description

An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at ‘company_filter’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.

Related Vulnerabilities

CVE-2020-6249

HIGH
CVSS:7.7(High)

The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the b...

CWE-892020

CVE-2021-21916

HIGH
CVSS:7.7(High)

An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at 'description_filter’ parameter. An attacker...

CWE-892021

CVE-2021-21917

HIGH
CVSS:7.7(High)

An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at '‘ord’ parameter. An attacker can make auth...

CWE-892021

CVE-2021-21918

HIGH
CVSS:7.7(High)

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter. However, the high privilege super...

CWE-892021

CVE-2021-21919

HIGH
CVSS:7.7(High)

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ord’ parameter. However, the high privilege super-administ...

CWE-892021

CVE-2021-21920

HIGH
CVSS:7.7(High)

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘surname_filter’ parameter with the administrative account...

CWE-892021