KevinLAB BEMS 1.0 Unauthenticated SQL Injection / Authentication Bypass

Up next

KevinLAB BEMS 1.0 Authenticated File Path Traversal / Information Disclosure

KevinLAB BEMS version 1.0 suffers from an unauthenticated SQL Injection vulnerability. Input passed through input_id POST parameter in /http/index.php is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code to bypass the authentication mechanism.

Mobile Security

UK second most targeted nation behind America for Ransomware

After closely monitoring the most active ransomware groups in 2022, the KrakenLabs…

Cybersdecurity RedFlag
February 8, 2023

Mobile Security

Cato SASE Cloud Named “Leader” and “Outperformer” in GigaOm Radar Report for SD-WAN

Cato Networks today announced that it was named as a “Leader” and…

Cybersdecurity RedFlag
February 7, 2023

Mobile Security

Will Emphasising App Security Lead to More App Installs?

The app industry is incredibly competitive. There are millions of apps available…

Cybersdecurity RedFlag
February 7, 2023

Mobile Security

$400,000 Fine for Stalkerware App Developer

A fine of over $400,000 has been handed to the developer of…

Cybersdecurity RedFlag
February 6, 2023