CVE-2021-21937

Name of the Vulnerable Software and Affected Versions Advantech R-SeeNet (affected versions not specified)

Description The issue is related to a lack of protection in the SQL query structure, which can be exploited through a specially-crafted HTTP request, leading to SQL injection. This can be triggered by making authenticated HTTP requests, potentially through cross-site request forgery, and affects the host alt filter parameter in the device list.php file. An attacker can exploit this issue as any authenticated user, allowing them to potentially disclose protected information using a specially crafted request.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.