PT-2026-3172 · Vianeos · Vianeos Octopus 5
Published
2026-01-15
·
Updated
2026-01-16
·
CVE-2021-47801
CVSS v3.1
8.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Vianeos OctoPUS 5
Description
The software contains a time-based blind SQL injection issue in the
login user parameter during authentication requests. An attacker can exploit this by sending malicious POST requests with crafted SQL payloads that trigger database sleep functions to extract information. The vulnerable parameter is used during authentication.Recommendations
Apply input validation and sanitization to the
login user parameter to prevent the injection of malicious SQL code.Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Vianeos Octopus 5