go to Content

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center



ChanGate EnterPrise Co., Ltd property management system - SQL Injection

TVN ID TVN-202101010
CVE ID CVE-2021-22856
CVSS 9.8 (Critical)
Affected Products CGE property management system version 1.00
Description The CGE property management system contains SQL Injection vulnerabilities. Remote attackers can inject SQL commands into the parameters in Cookie and obtain data in the database without privilege.
Solution Update CGE property management system to the latest version.
Credit Jia-Rong Chen
Public Date 2021-02-17