Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NRiello Ups Netman 208
APPRiello-Ups< 1.12
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
Related vulnerabilities
CVE-2025-68916CRITICAL9.1PL ✓ten sam produkt
RCE przez path traversal przy upload pliku w Riello UPS NetMan 208
CVE-2025-68915MEDIUM5.5ten sam produkt
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbanner_w.cgi XSS via a crafted banner.
CVE-2024-8878CRITICAL10.0PL ✓ten sam vendor
Podatność mechanizmu odzyskiwania hasła w Riello Netman 204 umożliwia przejęcie urządzenia
CVE-2022-47893CRITICAL10.0ten sam vendor
There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker coul...
CVE-2017-6900CRITICAL9.8ten sam vendor
An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass P...