CVE-2021-23276

SQL INJECTION CWE-89
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated SQL injection. A malicious user can send a specially crafted packet to exploit this vulnerability. Successful exploitation of this vulnerability can allow attackers to add users in the data base.

Risk Information

  • CVE ID
  • CVE-2021-23276
  • Vendor
  • Eaton
  • Product
  • Eaton Intelligent Power Manager
  • CVSS v3
  • 7.1