exploitDog

GHSA-chfh-m75v-856c

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command.

UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command.

Ссылки

EPSS

Процентиль: 61%

0.00418

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2020-3936

CVSS3: 10

nvd

почти 6 лет назад

UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command.

EPSS

Процентиль: 61%

0.00418

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89