CVE-2021-21925
MEDIUM WAF: High
CVSS 6.5
Published: 2021-12-22
CWE-89 CWE-89
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘firm_filter’ parameter.
WAF Coverage Analysis
SQL Injection
High WAF Coverage
OWASP: A03:2021 Injection
942xxx - SQL Injection
SQL Injection
High WAF Coverage
OWASP: A03:2021 Injection
942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| advantech | r-seenet | 2.4.15 |
References
- talosintelligence.com (Exploit, Third Party Advisory)