| Title | Acrel Electric Co., Ltd. EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0 SQL Injection |
|---|---|
| Description | A Critical unauthenticated SQL injection vulnerability has been identified in the Acrel EEMS Enterprise Power Operation and Maintenance Cloud Platform by Acrel Electric Co., Ltd. The vulnerability is located within the /SubstationWEBV2/main/elecMaxMinAvgValue interface. Critically, this endpoint is exposed and accessible to remote attackers without any authentication or valid user sessions. Due to a fundamental failure to validate and filter user-controllable input, an attacker can transmit malicious SQL payloads to the backend database. Successful exploitation grants the attacker full administrative access to the database, leading to the unauthorized extraction of sensitive power grid operational data, modification of system configurations, and potential disruption of critical energy management services. |
| Source | ⚠️ https://ucn9h68n9289.feishu.cn/wiki/QoXfwTAOiiYw2OkO0vAc7b7SnGg |
| User | Anonymous User |
| Submission | 13/04/2026 04:59 AM (2 months ago) |
| Moderation | 02/05/2026 09:38 PM (20 days later) |
| Status | Accepted |
| VulDB entry | 360864 [Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform elecMaxMinAvgValue SQL Injection] |
| Points | 20 |