CVE-2022-45090 is a HIGH severity SQL Injection vulnerability (CVSS 3.1: 8.8) in Gruparge Smartpower Web, an energy and control systems management platform. The vulnerability stems from improper input validation (CWE-89) and allows authenticated attackers with low privileges to execute arbitrary SQL commands, potentially leading to complete confidentiality, integrity, and availability compromise of the ap [truncated]
CVE-2022-45089 is a HIGH severity SQL Injection vulnerability (CVSS 3.1: 8.8) affecting Gruparge Smartpower Web, an energy and control systems management platform. The vulnerability stems from improper input validation, allowing authenticated attackers with low privileges to execute arbitrary SQL commands. The issue affects all versions prior to 23.01.01. This CVE was published on 2023-02-12 and last modi [truncated]
A stored or reflected Cross-Site Scripting (XSS) vulnerability exists in Gruparge Smartpower Web, an energy and control systems management platform, affecting versions prior to 23.01.01. The flaw stems from improper neutralization of user-supplied input during web page generation (CWE-79), allowing attackers to inject malicious scripts that execute in victims' browsers. With a CVSS 3.1 score of 6.1 (Mediu [truncated]
CVE-2022-45085 is a server-side request forgery (SSRF) vulnerability affecting Smartpower Web versions before 23.01.01. NVD maps the issue to CWE-918 and rates it CVSS 3.1 6.5/Medium. Because the attack vector is network-based and requires only low privileges with no user interaction, affected deployments should be prioritized for update and access review.