CVE-2021-3604 | HackTesting

Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database.

Credits

Ander Martínez of Titanium Industrial Security.

References

https://www.incibe-cert.es/en/early-warning/ics-advisories/primion-digitek-secure-8-sql-injection-vulnerability

http://titaniumaics.blogspot.com/2021/06/vulnerabilidad-zero-day-en-primion.html