KevinLAB BEMS version 1.0 suffers from an unauthenticated SQL Injection vulnerability. Input passed through input_id POST parameter in /http/index.php is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code to bypass the authentication mechanism.

You May Also Like

Schneider Electric EVlink Charging Stations Authentication Bypass / Code Execution

Multiple Schneider Electric EVlink Charging Stations suffers from authentication bypass and remote…