Dwyer Isensix Advanced Remote Monitoring System Blind SQL Injection Vulnerability

Vulnerability

A blind SQL injection vulnerability has been identified in Dwyer Isensix Advanced Remote Monitoring System (ARMS) version 1.5.7 and earlier. This vulnerability allows attackers to retrieve sensitive information from the underlying SQL database by exploiting the user parameter on the login page. As a result, attackers can access and steal credentials, including those of admin users, which can then be used to authenticate to the application.

Impact

Exploitation of this vulnerability could lead to unauthorized access to the application with admin privileges, allowing the attacker to perform administrative functions.

Added: Jan 6, 2026, 4:20 PM

Updated: Jan 6, 2026, 5:36 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

7.4

remediation

0.0

relevance

1.9

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

7.4

remediation

0.0

relevance

1.9

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Dwyer Isensix Advanced Remote Monitoring System Blind SQL Injection Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating