CyberSec.Space Logo
Back to CVE Browser

CVE-2020-3936

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1550%
EPSS Percentile24.63th
PublishedMar 27, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command.

Affected Platforms (CPE)

💻
Unisoon

Ultralog Express Firmware

= 1.4.0

References & Advisories

🔗 https://www.twcert.org.tw/tw/cp-132-3451-7d9f0-1.html
🔗 https://www.twcert.org.tw/tw/cp-132-3451-7d9f0-1.html

Related Vulnerabilities

CVE-2020-1184410.0

Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Ma...

CVE-2020-1238810.0

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this iss...

CVE-2020-079610.0

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles cer...

CVE-2020-1238910.0

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this iss...