CVE-2021-21927: SQL Injection
First published: Wed Dec 22 2021(Updated: )
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘loc_filter’ parameter.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Advantech R-SeeNet | =2.4.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-21927.
What is the severity of CVE-2021-21927?
CVE-2021-21927 has a severity rating of 6.5 (high).
How can an attacker exploit CVE-2021-21927?
An attacker can exploit CVE-2021-21927 by sending a specially-crafted HTTP request to trigger SQL injection.
Who can be targeted by an attacker exploiting CVE-2021-21927?
Any authenticated user or through cross-site request forgery can be targeted by an attacker exploiting CVE-2021-21927.
Is there a fix available for CVE-2021-21927?
The vendor may have released a fix for CVE-2021-21927. It is recommended to check with the vendor or apply any available patches or updates.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/advantech
- canonical/advantech r-seenet
- version/advantech r-seenet/2.4.15