CVE-2021-22859 CRITICAL

CVE-2021-22859: EIC e-document system - SQL Injection

Vendor: Excellent Infotek Corporation
Product: e-document system
Weakness: CWE-89 · SQLi
Published: March 17, 2021
Last update: September 16, 2024

CVSS base score

9.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

The user data query function of the EIC e-document system does not filter special characters, which allows remote attackers to inject SQL syntax and execute arbitrary commands without privileges.

Key dates

02 Disclosure timeline

March 17, 2021: CVE published
September 16, 2024: Record updated