CVE-2021-22856

Summary

The CGE property management system contains SQL Injection vulnerabilities. Remote attackers can inject SQL commands into the parameters in Cookie and obtain data in the database without privilege.

Affected Software

VendorProductVersion RangeStatus
ChanGate EnterPrise Co., Ltdproperty management system0 <= 1.00affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References