Deltaww: >> Diaenergie Security Vulnerabilities
Delta Electronics DIAEnergie has insufficient input validation which makes it possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-05-03
Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script Handler_CFG.ashx. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-05-03
SQL injection vulnerability exists in GetDIAE_usListParameters.
CVSS Score
8.8
EPSS Score
0.019
Published
2024-04-01
Path traversal attack is possible and write outside of the intended directory and may access sensitive information. If a file name is specified that already exists on the file system, then the original file will be overwritten.
CVSS Score
8.1
EPSS Score
0.001
Published
2024-03-21
SQL injection vulnerability exists in GetDIAE_astListParameters.
CVSS Score
8.8
EPSS Score
0.012
Published
2024-03-21
Improper neutralization of input within the affected product could lead to cross-site scripting.
CVSS Score
4.6
EPSS Score
0.001
Published
2024-03-21
It is possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.
CVSS Score
8.1
EPSS Score
0.001
Published
2024-03-21
SQL injection vulnerability exists in GetDIAE_unListParameters.
CVSS Score
8.8
EPSS Score
0.012
Published
2024-03-21
SQL injection vulnerability exists in GetDIAE_slogListParameters.
CVSS Score
8.8
EPSS Score
0.012
Published
2024-03-21
SQL injection vulnerability exists in the script Handler_CFG.ashx.
CVSS Score
8.8
EPSS Score
0.012
Published
2024-03-21