CVE-2021-44161
MEDIUM WAF: High
CVSS 5.8
Published: 2021-12-29
CWE-89
A specific function parameter in the Changing MOTP (Mobile One Time Password) system has insufficient validation of user input. An attacker on the local area network can perform a SQL injection attack to read, modify or delete the backend database without authentication.
WAF Coverage Analysis
SQL Injection
High WAF Coverage
OWASP: A03:2021 Injection
942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| changingtec | motp | all versions |
References
- www.twcert.org.tw (Third Party Advisory)