Description
In s::can moni::tools before version 4.2 an authenticated attacker could get full access to the database through SQL injection. This may result in loss of confidentiality, loss of integrity and DoS.
References (1)
Core 1
Core References
Vendor Advisory
https://www.s-can.at/en/the-new-monitool-v4-2-security-first/
Scores
CVSS v3
8.8
EPSS
0.0069
EPSS Percentile
48.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (1)
badgermeter/moni\
\ tool
Published
Nov 15, 2022
Tracked Since
Feb 18, 2026