Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter type before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Delta Electronics DIAEnergie SQL注入漏洞
Vulnerability Description
Delta Electronics DIAEnergie是一个工业能源管理系统,用于实时监控和分析能源消耗、计算能源消耗和负载特性、优化设备性能、改进生产流程并最大限度地提高能源效率。 Delta Electronics DIAEnergie 中存在SQL注入漏洞,该漏洞源于产品的 /DataHandler/AM/AM_Handler.ashx 未能正确验证输入数据有效性。攻击者可通过在漏洞在NT SERVICEMSSQLSERVER 上下文中执行代码。
CVSS Information
N/A
Vulnerability Type
N/A