Vulnerability Details CVE-2021-22859
The users’ data querying function of EIC e-document system does not filter the special characters which resulted in remote attackers can inject SQL syntax and execute arbitrary commands without privilege.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 81.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://gist.github.com/tonykuo76/807c838b75879b0d327782dfcd2c3bea
- https://www.chtsecurity.com/news/c974fd28-c19b-4003-82f3-818904057496
- https://www.twcert.org.tw/tw/cp-132-4517-51e25-1.html
- https://gist.github.com/tonykuo76/807c838b75879b0d327782dfcd2c3bea
- https://www.chtsecurity.com/news/c974fd28-c19b-4003-82f3-818904057496
- https://www.twcert.org.tw/tw/cp-132-4517-51e25-1.html
Products affected by CVE-2021-22859
-
cpe:2.3:a:eic:e-document_system:3.0.2