Vulnerabilities > Deltaww > Diaenergie

DATE CVE VULNERABILITY TITLE RISK
2024-10-03 CVE-2024-42417 SQL Injection vulnerability in Deltaww Diaenergie
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx.
network
low complexity
deltaww CWE-89
8.8
8.8
2024-10-03 CVE-2024-43699 SQL Injection vulnerability in Deltaww Diaenergie
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx.
network
low complexity
deltaww CWE-89
critical
 9.8
9.8
2024-05-03 CVE-2024-34031 Unspecified vulnerability in Deltaww Diaenergie 1.10.00.005
Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script Handler_CFG.ashx.
network
low complexity
deltaww
8.8
8.8
2024-05-03 CVE-2024-34032 Unspecified vulnerability in Deltaww Diaenergie 1.10.00.005
Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint.
network
low complexity
deltaww
8.8
8.8
2024-05-03 CVE-2024-34033 Unspecified vulnerability in Deltaww Diaenergie 1.10.00.005
Delta Electronics DIAEnergie has insufficient input validation which makes it possible to perform a path traversal attack and write outside of the intended directory.
network
low complexity
deltaww
8.8
8.8
2024-03-21 CVE-2024-25937 Unspecified vulnerability in Deltaww Diaenergie
SQL injection vulnerability exists in the script DIAE_tagHandler.ashx.
network
low complexity
deltaww
8.8
8.8
2024-03-21 CVE-2024-28029 Unspecified vulnerability in Deltaww Diaenergie
Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.
network
low complexity
deltaww
8.8
8.8
2023-02-17 CVE-2023-0822 Files or Directories Accessible to External Parties vulnerability in Deltaww Diaenergie
The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality.
network
low complexity
deltaww CWE-552
8.8
8.8
2022-11-17 CVE-2022-41775 SQL Injection vulnerability in Deltaww Diaenergie
SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
network
low complexity
deltaww CWE-89
8.8
8.8
2022-11-17 CVE-2022-43447 SQL Injection vulnerability in Deltaww Diaenergie
SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
network
low complexity
deltaww CWE-89
8.8
8.8