KevinLAB BEMS version 1.0 suffers from an unauthenticated SQL injection vulnerability. Input passed through the input_id POST parameter in /http/index.php is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code to bypass the authentication mechanism.
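
The flaw class described above, shown beside its fix, as an added example that is not KevinLAB's code. Only the input_id parameter name comes from the advisory; the users table, its columns, the input_pw field and all function names are hypothetical, and the request data is constructed.

```php
<?php
declare(strict_types=1);

// Constructed in-memory user store; table and column names are assumptions.
function demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (user_id TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
    $pdo->prepare('INSERT INTO users VALUES (?, ?)')
        ->execute(['operator', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Flawed pattern: input_id becomes part of the SQL text, so the database
// parses it as syntax instead of comparing it as a value.
function find_user_concat(PDO $pdo, string $inputId): bool {
    $sql = "SELECT 1 FROM users WHERE user_id = '" . $inputId . "'";
    return $pdo->query($sql)->fetchColumn() !== false;
}

// Hardened pattern: the statement text is fixed, input_id is bound as data,
// and the password is checked against a stored hash outside the query.
function login_prepared(PDO $pdo, string $inputId, string $password): bool {
    $stmt = $pdo->prepare('SELECT pw_hash FROM users WHERE user_id = :id');
    $stmt->execute([':id' => $inputId]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// Reject non-string or oversized POST fields before they reach the query layer.
function post_string(array $post, string $key, int $max = 64): ?string {
    $v = $post[$key] ?? null;
    return (is_string($v) && $v !== '' && strlen($v) <= $max) ? $v : null;
}

$pdo  = demo_db();
$post = ['input_id' => "o'brien", 'input_pw' => 'wrong']; // constructed request body
$id   = post_string($post, 'input_id');
$pw   = post_string($post, 'input_pw');

try {
    find_user_concat($pdo, $id);
    echo "concat: query ran\n";
} catch (PDOException $e) {
    echo "concat: the quote in input_id changed the SQL and the parser rejected it\n";
}
var_dump(login_prepared($pdo, $id, $pw));                            // quote handled as plain data
var_dump(login_prepared($pdo, 'operator', 'constructed-sample-pw')); // legitimate login
```

An ordinary apostrophe is enough to show that the concatenated query lets request data reach the SQL parser, which is the condition the advisory reports; the prepared statement handles the same value without error.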
