Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004)

Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004)

CVE-2022-1372 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in dlSlog.aspx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.