CVE-2021-23230
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-23230
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Gallagher Command Centre Server SQL注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Gallagher Command Centre Server是新西兰Gallagher公司的一个用于对建筑物内基础设施进行监控、管理的管理系统。 Gallagher Command Centre OPCUA接口 存在SQL注入漏洞,该漏洞源于基于数据库的应用缺少对外部输入SQL语句的验证。攻击者可利用该漏洞允许远程非特权指挥中心操作员在未被发现的情况下修改指挥中心数据库。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Gallagher | Command Centre | unspecified ~ 8.00 | - |
II. Public POCs for CVE-2021-23230
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-23230
请登录查看更多情报信息。
Same Patch Batch · Gallagher · 2021-06-11 · 7 CVEs total
| CVE-2021-23140 | 9.9 CRITICAL | Gallagher Command Centre Server 安全漏洞 |
| CVE-2021-23204 | 8.1 HIGH | Gallagher Command Centre Server 安全漏洞 |
| CVE-2021-23205 | 8.1 HIGH | Gallagher Command Centre Server 处理逻辑错误漏洞 |
| CVE-2021-23136 | 6.5 MEDIUM | Gallagher Command Centre Server 安全漏洞 |
| CVE-2021-23182 | 6.0 MEDIUM | Gallagher Command Centre Server 加密问题漏洞 |
| CVE-2021-23211 | 6.0 MEDIUM | Gallagher Command Centre Server 安全漏洞 |
IV. Related Vulnerabilities
Same weakness: CWE-89
- CVE-2021-47941
WordPress Plugin Survey & Poll 1.5.7.3 SQL Injection via sss - CVE-2021-47930
Balbooa Joomla Forms Builder 2.0.6 SQL Injection Unauthentic - CVE-2021-47928
Opencart TMD Vendor System 3.x Blind SQL Injection via produ - CVE-2026-8231
CodeAstro Online Catering Ordering System deleteorder.php sq - CVE-2025-14179
SQL injection in pdo_firebird via NUL bytes in quoted string
V. Comments for CVE-2021-23230
No comments yet