TVN ID | TVN-202101013 |
---|---|
CVE ID | CVE-2021-22859 |
CVSS | 9.8 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Affected Products | EIC e-document system v3.0.2 |
Description | The users’ data querying function of EIC e-document system does not filter the special characters which resulted in remote attackers can inject SQL syntax and execute arbitrary commands without privilege. |
Solution | Update to version 3.0.4 |
Credit | Tony Kuo (CHT Security) |
Public Date | 2021-03-17 |