Hyweb HyCMS-J1's API fail to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.twcert.org.tw/tw/cp-132-4316-298fc-1.html |
![]() ![]() |
History
No history.

Status: PUBLISHED
Assigner: twcert
Published: 2021-01-22T08:30:20.982369Z
Updated: 2024-09-16T19:04:46.163Z
Reserved: 2021-01-06T00:00:00
Link: CVE-2021-22847

No data.

Status : Modified
Published: 2021-01-22T09:15:13.227
Modified: 2024-11-21T05:50:45.357
Link: CVE-2021-22847

No data.