Authenticated SQL Injection Vulnerability in Eaton Intelligent Power Manager (IPM) Prior to 1.69

Authenticated SQL Injection Vulnerability in Eaton Intelligent Power Manager (IPM) Prior to 1.69

CVE-2021-23276 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated SQL injection. A malicious user can send a specially crafted packet to exploit the vulnerability. Successful exploitation of this vulnerability can allow attackers to add users in the data base.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.