CVE-2021-22856

high

Description

The CGE property management system contains SQL Injection vulnerabilities. Remote attackers can inject SQL commands into the parameters in Cookie and obtain data in the database without privilege.

References

Advisories

https://www.twcert.org.tw/tw/cp-132-4394-76d41-1.html

https://www.chtsecurity.com/news/fe1e30ef-4dac-4848-a3c9-a7df12672422

Details

Source: Mitre, NVD

Published: 2021-02-17

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00313

Detections

Analytics