Description
An error-based SQL injection vulnerability exists in the Sunbird Power IQ 9.2.0 API. The vulnerability is due to an outdated API endpoint that applied arrays without proper input validation. This can allow attackers to manipulate SQL queries. This has been addressed in Power IQ version 9.2.1, where the API call code was updated to ensure safe handling of input values.
References (2)
Core 2
Core References
Third Party Advisory
https://pastebin.com/C6hVPpF4
Product
https://www.sunbirddcim.com/
Scores
CVSS v3
2.5
EPSS
0.0012
EPSS Percentile
1.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-89
Status
published
Products (1)
sunbirddcim/power_iq
9.2.0
Published
Dec 15, 2025
Tracked Since
Feb 18, 2026