SINAPSI.eSolar.Light.Photovoltaic.System.Monitor.SQL.Injection
Description
This indicates an attack attempt against a SQL Injection vulnerability in SINAPSI eSolar Light Photovoltaic System Monitor.
The vulnerability is caused by insufficient sanitizing of the parameter "lingua", which is passed to "changelanguagesession.php", or the parameter "inverterselect", which is passed to "dettagliinverter.php". It allows a remote attacker to inject arbitrary SQL statements via a crafted HTTP request.
Affected Products
SINAPSI eSolar Light Photovoltaic System Monitor
Impact
System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application.
Recommended Actions
Currently we are unaware of any vendor-supplied patch for this issue.
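With no patch to apply, web access logs can be reviewed for requests that hit the two scripts named in the description with out-of-pattern parameter values. The following is an added example, not part of the original advisory or the vendor's code; the combined-style log format, the allow-list patterns for "lingua" (short alphabetic code) and "inverterselect" (decimal id), and the sample log lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoint -> (parameter, allow-list pattern). The patterns are assumptions
# about legitimate values, not taken from the product's documentation.
WATCHED = {
    "changelanguagesession.php": ("lingua", re.compile(r"[A-Za-z_-]{1,10}")),
    "dettagliinverter.php": ("inverterselect", re.compile(r"[0-9]{1,6}")),
}

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def suspicious_requests(log_lines):
    """Return (line_no, script, param, decoded_value) for every request to a
    watched script whose parameter value falls outside the allow-list."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        script = url.path.rsplit("/", 1)[-1].lower()
        if script not in WATCHED:
            continue
        param, allowed = WATCHED[script]
        # parse_qsl percent-decodes values, so encoded quotes are seen as quotes.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == param and not allowed.fullmatch(value):
                hits.append((line_no, script, param, value))
    return hits


# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /changelanguagesession.php?lingua=it HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /changelanguagesession.php?lingua=it%27 HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /dettagliinverter.php?inverterselect=3 HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] "GET /dettagliinverter.php?inverterselect=3%27-- HTTP/1.1" 500 0',
    '192.0.2.10 - - [01/Jan/2024:10:00:20 +0000] "GET /index.php HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print("line %d: %s %s=%r" % hit)
```

Access logs only record query-string parameters, so values sent in a POST body have to be inspected at a reverse proxy or WAF instead.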
Coverage
IPS (Regular DB)
IPS (Extended DB)