CVE-2022-43506 HIGH

CVE-2022-43506: Delta Electronics DIAEnergie SQL Injection

Vendor Delta Electronics

Product DIAEnergie

Weakness CWE-89 · SQLi

Published November 17, 2022

Last update April 16, 2025

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network

Key dates

02Disclosure timeline

November 17, 2022 CVE published

April 16, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-43506

Related vulnerabilities

04Related CVE

CVE-2026-8132 CodeAstro Leave Management System login.php sql injection CVE-2024-0685 Ninja Forms Contact Form <= 3.7.1 - Unauthenticated Second Order SQL Injection CVE-2023-1364 SourceCodester Online Pizza Ordering System GET Parameter category.php sql injection CVE-2025-14584 itsourcecode COVID Tracking System Admin Login login.php sql injection CVE-2023-1311 SourceCodester Friendly Island Pizza Website and Ordering System GET Parameter large.php sql injection