CVE-2022-43452 HIGH

CVE-2022-43452: Delta Electronics DIAEnergie SQL Injection

Vendor Delta Electronics

Product DIAEnergie

Weakness CWE-89 · SQLi

Published November 17, 2022

Last update April 16, 2025

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network

Key dates

02Disclosure timeline

November 17, 2022 CVE published

April 16, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-43452 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2025-10829 Campcodes Computer Sales and Inventory System sup_edit1.php sql injection CVE-2026-4540 projectworlds Online Notes Sharing System Parameters login.php sql injection CVE-2025-5856 PHPGurukul BP Monitoring Management System registration.php sql injection CVE-2023-3457 SourceCodester Shopping Website index.php sql injection CVE-2024-43941 WordPress Propovoice Pro plugin <= 1.7.0.3 - Unauthenticated SQL Injection vulnerability