CVE-2021-21919

Name of the Vulnerable Software and Affected Versions Advantech R-SeeNet (affected versions not specified)

Description The issue is related to incorrect input validation, which can be exploited by a remote attacker to conduct SQL injection attacks by sending specially crafted SQL queries. This can lead to inter-site scripting attacks. A specially-crafted HTTP request can trigger this issue, specifically at the ord parameter, allowing an attacker to make authenticated HTTP requests. However, exploitation without a cross-site request forgery attack requires the use of a high-privilege super-administrator account.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.