Vulnerability Description
HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (online registration) to obtain database schema and data.
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hgiga | Oaklouds Openid | >= 2.0, < 2.0-54 |
Related Weaknesses (CWE)
References
- https://www.chtsecurity.com/news/eb024200-7cf9-4c58-a063-c451dbc9daefThird Party Advisory
- https://www.twcert.org.tw/tw/cp-132-4328-97765-1.htmlThird Party Advisory
- https://www.chtsecurity.com/news/eb024200-7cf9-4c58-a063-c451dbc9daefThird Party Advisory
- https://www.twcert.org.tw/tw/cp-132-4328-97765-1.htmlThird Party Advisory
FAQ
What is CVE-2021-22852?
CVE-2021-22852 is a vulnerability with a CVSS score of 8.8 (HIGH). HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (online registration) to obtain database schema and data.
How severe is CVE-2021-22852?
CVE-2021-22852 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-22852?
Check the references section above for vendor advisories and patch information. Affected products include: Hgiga Oaklouds Openid.