CVE-2021-21918

Name of the Vulnerable Software and Affected Versions Advantech R-SeeNet (affected versions not specified)

Description A specially-crafted HTTP request can lead to SQL injection, allowing an attacker to execute arbitrary SQL queries. This can be triggered by making authenticated HTTP requests, specifically targeting the name filter parameter. Exploitation without a cross-site request forgery attack requires the use of a high-privilege super-administrator account.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.