PT-2021-21326 · Emuse · Emuse

Published: 2021-12-29 · Updated: 2022-01-11 · CVE-2021-36722

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Emuse - eServices / eNvoice (affected versions not specified)

Description

The issue allows for SQL injection, which can be utilized in various ways, including bypassing login authentication, dumping the database, or achieving full remote code execution (RCE) on affected endpoints. This is caused by the generation of error messages containing sensitive information, such as parts of the aspx code and the webroot location, which an attacker can leverage to further compromise the host.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2021-36722

Affected Products: Emuse