These issues could be exploited by malicious people to conduct cross-site scripting attacks. A total of 14 XSS flaws were found in DGIOT Lightweight industrial IoT. Some of these issues were rated with high severity and could be exploited by attackers to conduct XSS attacks against users of the software.

DGIOT Lightweight industrial IoT v4.5.4 was also discovered to contain multiple SQL injection vulnerabilities. Some of these issues were rated with high severity and could be exploited by attackers to conduct SQL injection attacks against the software.

DGIOT Lightweight industrial IoT v4.5.4 was discovered to be using a vulnerable version of the PHP scripting language. Some of these issues were rated with high severity and could be exploited by attackers to conduct PHP code injection attacks against the software.

DGIOT Lightweight industrial IoT v4.5.4 was discovered to be using a version of the MariaDB database server that is older than the official cutoff of 9.2.5. Some of these issues were rated with high severity and could be exploited by attackers to conduct database injection attacks against the software.

DGIOT Lightweight industrial IoT v4.5.4 was discovered to be using an out-of-date version of the Symfony web application framework. Some of these issues were rated with high severity and could be exploited by attackers to conduct cross-site scripting (XSS) attacks against the software. DGIOT Lightweight industrial IoT v4.5.4

DGIOT Lightweight industrial IoT v4.5.3 has been replaced with DGIOT Lightweight industrial IoT v4.5.4

Vulnerable / tested versions

DGIOT Lightweight industrial IoT v4.5.4
In total, there are 7 vulnerabilities that could be exploited by malicious people to conduct cross-site scripting attacks, 14 vulnerabilities that could be exploited by attackers to conduct SQL injection attacks, 3 vulnerabilities that could be exploited by attackers to conduct PHP code injection attacks, and 4 vulnerabilities that could be exploited by attackers to conduct database injection attacks.
DGIOT Lightweight industrial IoT v4.5.4 is affected by all of these vulnerabilities and was tested against them.

DGIOT Lightweight industrial IoT v4.5.4

DGIOT Lightweight industrial IoT v4.5.4 was discovered to be using a vulnerable version of the PHP scripting language. Some of these issues were rated with high severity and could be exploited by attackers to conduct PHP code injection attacks against the software.

DGIOT Lightweight industrial IoT v4.5.4 was discovered to be using an out-of-date version of the Symfony web application framework. Some of these issues were rated with high severity and could be exploited by attackers to conduct cross-site scripting (XSS) attacks against the software.

DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain multiple SQL injection vulnerabilities. Some of these issues were rated with high severity and could be exploited by attackers to conduct SQL injection attacks against the software.

DGIOT Lightweight industrial IoT v4.5.4 was discovered to use a vulnerable version of the MariaDB database server that is older than the official cutoff of 9.2.5, which allowed an attacker who can successfully exploit it to execute arbitrary commands via shell metacharacters in an administrator's username/password combination on the underlying system (via RCE).

A total of 14 XSS flaws were found in DGIOT Lightweight industrial IoT versions 4 and 4:1, some of which were rated with high severity and may allow attackers who can successfully exploit them to execute arbitrary script code in a user's browser session within your application context (

Timeline

Published on: 09/29/2022 19:15:00 UTC
Last modified on: 10/06/2022 20:23:00 UTC

References