KevinLAB BEMS 1.0 Unauthenticated SQL Injection / Authentication Bypass

Up next

KevinLAB BEMS 1.0 Authenticated File Path Traversal / Information Disclosure

KevinLAB BEMS version 1.0 suffers from an unauthenticated SQL Injection vulnerability. Input passed through input_id POST parameter in /http/index.php is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code to bypass the authentication mechanism.

Mobile Security

Will Facebook’s End-to-End Encryption Protect Abortion-Seeking Users?

The recent abolition of the right to an abortion in the United…

Cybersdecurity RedFlag
July 6, 2022

Mobile Security

Dutch University Turns a Profit on Ransomware Payment

The Netherlands Maastricht University has announced that an extended investigation into…

Cybersdecurity RedFlag
July 6, 2022

Mobile Security

NATO Announce Plans to Develop Cyber Rapid Response Capabilities

NATO has announced plans to develop virtual rapid response capabilities “to…

Cybersdecurity RedFlag
July 5, 2022

Mobile Security

Ukrainian Authorities Arrest Phishing Gang For Embezzling 100 Million UAH

Last week, the Cyber Police of Ukraine disclosed that it apprehended nine…

Cybersdecurity RedFlag
July 5, 2022