Kevinlab: >> 4st L-Bems Security Vulnerabilities
An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 ivia the input_id POST parameter in index.php.
CVSS Score
9.8
EPSS Score
0.006
Published
2022-04-11
An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. A malicious user can log in using the backdor account with admin highest privileges and obtain system control.
CVSS Score
7.2
EPSS Score
0.017
Published
2022-04-11
A Directory Traversal vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the page GET parameter in index.php.
CVSS Score
6.5
EPSS Score
0.004
Published
2022-04-11