Home / exploitsPDF  

KevinLAB BEMS 1.0 Unauthenticated SQL Injection / Authentication Bypass

Posted on 21 July 2021

KevinLAB BEMS version 1.0 suffers from an unauthenticated SQL Injection vulnerability. Input passed through input_id POST parameter in /http/index.php is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code to bypass the authentication mechanism.

 

TOP