CVE-2020-3936

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1550%

EPSS Percentile24.63th

Published2020年3月27日

Last Modified2024年11月21日

Vulnerability Description

UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command.

Affected Platforms (CPE)

💻

Unisoon

Ultralog Express Firmware

= 1.4.0

References & Advisories

🔗 https://www.twcert.org.tw/tw/cp-132-3451-7d9f0-1.html

相關漏洞威脅

CVE-2020-1207910.0

Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isola...

CVE-2020-1184410.0

Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Ma...

CVE-2020-195310.0

Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes i...

CVE-2020-896710.0

There is an improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability in php files of GESIO...