Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
deltaww diaenergie vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2022-25880
Delta Electronics DIAEnergie (All versions before 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerTag_KID.ashx. This allows an malicious user to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Deltaww Diaenergie
NA
CVE-2024-28029
Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.
Deltaww Diaenergie
890
VMScore
CVE-2021-38391
A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter type before using it as part of ...
Deltaww Diaenergie
890
VMScore
CVE-2021-38393
A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter agid before using it as part...
Deltaww Diaenergie
445
VMScore
CVE-2022-25347
Delta Electronics DIAEnergie (All versions before 1.8.02.004) is vulnerable to path traversal attacks, which may allow an malicious user to write arbitrary files to locations on the file system.
Deltaww Diaenergie
890
VMScore
CVE-2022-26836
Delta Electronics DIAEnergie (All versions before 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an malicious user to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Deltaww Diaenergie
409
VMScore
CVE-2022-26839
Delta Electronics DIAEnergie (All versions before 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an malicious user to plant new files (such as DLLs) or replace existing executable files.
Deltaww Diaenergie
890
VMScore
CVE-2022-26887
Delta Electronics DIAEnergie (All versions before 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_loopmapHandler.ashx. This allows an malicious user to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Deltaww Diaenergie
NA
CVE-2022-40967
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.
Deltaww Diaenergie
890
VMScore
CVE-2022-26514
Delta Electronics DIAEnergie (All versions before 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_tagHandler.ashx. This allows an malicious user to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Deltaww Diaenergie
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »