CVE-2021-22856 CRITICAL

CVE-2021-22856: ChanGate EnterPrise Co., Ltd property management system - SQL Injection

Vendor Changate Enterprise Co., Ltd
Product property management system
Weakness CWE-89 · SQLi
Published February 17, 2021
Last update September 17, 2024

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

The CGE property management system contains SQL Injection vulnerabilities. Remote attackers can inject SQL commands into the parameters in Cookie and obtain data in the database without privilege.

Key dates

02Disclosure timeline

February 17, 2021 CVE published
September 17, 2024 Record updated