CVE-2021-22856
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The CGE property management system contains SQL Injection vulnerabilities. Remote attackers can inject SQL commands into the parameters in Cookie and obtain data in the database without privilege.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ChanGate EnterPrise Co., Ltd | property management system | 0 <= 1.00 | affected |
Weaknesses
- CWE-89: CWE-89 SQL Injection
ADP Enrichment
CVE Program Container
Additional References
- https://www.twcert.org.tw/tw/cp-132-4394-76d41-1.html
- https://www.chtsecurity.com/news/fe1e30ef-4dac-4848-a3c9-a7df12672422
References
- https://www.twcert.org.tw/tw/cp-132-4394-76d41-1.html
- https://www.chtsecurity.com/news/fe1e30ef-4dac-4848-a3c9-a7df12672422
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.