Emuse - eServices / eNvoice SQL injection can be used in various ways ranging from bypassing login authentication or dumping the whole database to full RCE on the affected endpoints. The SQLi caused by CWE-209: Generation of Error Message Containig Sensetive Information, showing parts of the aspx code and the webroot location , information an attacker can leverage to further compromise the host.
References
Link | Resource |
---|---|
https://www.gov.il/en/departments/faq/cve_advisories | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
11 Jan 2022, 14:12
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
CPE | cpe:2.3:a:emuse_-_eservices_\/_envoice_project:emuse_-_eservices_\/_envoice:-:*:*:*:*:*:*:* | |
First Time |
Emuse - Eservices \/ Envoice Project emuse - Eservices \/ Envoice
Emuse - Eservices \/ Envoice Project |
|
CWE | CWE-89 | |
References | (CONFIRM) https://www.gov.il/en/departments/faq/cve_advisories - Third Party Advisory |
29 Dec 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-29 15:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-36722
Mitre link : CVE-2021-36722
CVE.ORG link : CVE-2021-36722
JSON object : View
Products Affected
emuse_-_eservices_\/_envoice_project
- emuse_-_eservices_\/_envoice
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')