The users’ data querying function of EIC e-document system does not filter the special characters which resulted in remote attackers can inject SQL syntax and execute arbitrary commands without privilege.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: twcert
Published: 2021-03-17T09:10:30.761178Z
Updated: 2024-09-16T23:01:27.719Z
Reserved: 2021-01-06T00:00:00
Link: CVE-2021-22859
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-03-17T09:15:12.093
Modified: 2024-11-21T05:50:46.873
Link: CVE-2021-22859
Redhat
No data.