Vulnerabilities > Deltaww > Diaenergie
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-03-21 | CVE-2024-28029 | Unspecified vulnerability in Deltaww Diaenergie Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality. | 8.8 |
2023-02-17 | CVE-2023-0822 | Files or Directories Accessible to External Parties vulnerability in Deltaww Diaenergie The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality. | 8.8 |
2022-11-17 | CVE-2022-41775 | SQL Injection vulnerability in Deltaww Diaenergie SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | 8.8 |
2022-11-17 | CVE-2022-43447 | SQL Injection vulnerability in Deltaww Diaenergie SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | 8.8 |
2022-11-17 | CVE-2022-43452 | SQL Injection vulnerability in Deltaww Diaenergie SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | 8.8 |
2022-11-17 | CVE-2022-43457 | SQL Injection vulnerability in Deltaww Diaenergie SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | 8.8 |
2022-11-17 | CVE-2022-43506 | SQL Injection vulnerability in Deltaww Diaenergie SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | 8.8 |
2022-10-27 | CVE-2022-40965 | Cross-site Scripting vulnerability in Deltaww Diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API. | 5.4 |
2022-10-27 | CVE-2022-40967 | SQL Injection vulnerability in Deltaww Diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. | 8.8 |
2022-10-27 | CVE-2022-41133 | SQL Injection vulnerability in Deltaww Diaenergie The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. | 8.8 |