KevinLAB BEMS version 1.0 suffers from an unauthenticated SQL injection vulnerability. Input passed via the input_id POST parameter to /http/index.php is not properly sanitized before it is returned to the user or used in SQL queries. An unauthenticated attacker can therefore inject arbitrary SQL into the query and manipulate it to bypass the authentication mechanism.
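The advisory does not reproduce the affected query, so the following is an added illustration of the class of flaw it describes, not KevinLAB code: a login check that interpolates the input_id value into the SQL string, beside the same check with bound parameters. The table schema, the password column, the query text and the bypass payload are all assumptions chosen to make the mechanism visible; an in-memory SQLite database stands in for the product's backend.

```python
import sqlite3

# Constructed stand-in for the application's user table. The real schema and
# query are not given in the advisory; everything here is an assumption.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "s3cret-admin-pw"), ("operator", "op-pw")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, input_id, input_pw):
    """Vulnerable pattern: the input_id value is pasted into the SQL text.

    A quote in input_id terminates the string literal and the rest of the
    value becomes SQL, which is exactly what an authentication bypass abuses.
    Returns the username the query matched, or None.
    """
    query = (
        "SELECT id, username FROM users WHERE username = '%s' AND password = '%s'"
        % (input_id, input_pw)
    )
    row = conn.execute(query).fetchone()
    return row[1] if row else None


def login_safe(conn, input_id, input_pw):
    """Hardened form: the same logic with values bound as parameters.

    The driver sends the values separately from the statement, so quotes and
    comment markers in input_id are compared as data, never parsed as SQL.
    """
    row = conn.execute(
        "SELECT id, username FROM users WHERE username = ? AND password = ?",
        (input_id, input_pw),
    ).fetchone()
    return row[1] if row else None


# Hypothetical bypass value for input_id: closes the open string literal,
# adds an always-true condition, and comments out the password check.
BYPASS_PAYLOAD = "' OR '1'='1' -- "


def demo():
    """Run both login variants with a legitimate user and with the payload."""
    conn = make_db()
    return {
        "legit_vulnerable": login_vulnerable(conn, "operator", "op-pw"),
        "bypass_vulnerable": login_vulnerable(conn, BYPASS_PAYLOAD, "wrong"),
        "legit_safe": login_safe(conn, "operator", "op-pw"),
        "bypass_safe": login_safe(conn, BYPASS_PAYLOAD, "wrong"),
    }


if __name__ == "__main__":
    for case, user in demo().items():
        print(f"{case:>18}: {user}")
```

With the payload, the interpolated query becomes `... WHERE username = '' OR '1'='1' -- ' AND password = 'wrong'`, the password clause is commented away, and the first row in the table (here the admin account) is returned without any credential. The parameterised version compares the whole payload string against the username column and matches nothing. The fix is the same for the real endpoint: bind input_id as a parameter rather than building the statement from it, and escape it before echoing it back.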