CVE-2020-10512

Опубликовано: 15 апр. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Низкий

Описание

HGiga C&Cmail CCMAILQ before olln-calendar-6.0-100.i386.rpm and CCMAILN before olln-calendar-5.0-100.i386.rpm contains a SQL Injection vulnerability which allows attackers to injecting SQL commands in the URL parameter to execute unauthorized commands.

Ссылки

https://gist.github.com/tonykuo76/d52014bbe81995eda499201446aec57a
Third Party Advisory
https://www.chtsecurity.com/news/545daf88-adb4-4417-9870-426490c1429e
https://www.twcert.org.tw/tw/cp-132-3536-79545-1.html
Third Party Advisory
https://gist.github.com/tonykuo76/d52014bbe81995eda499201446aec57a
Third Party Advisory
https://www.chtsecurity.com/news/545daf88-adb4-4417-9870-426490c1429e
https://www.twcert.org.tw/tw/cp-132-3536-79545-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hgiga:oaklouds_ccm\@il:-:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.00364

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-23m4-7vqv-gc3v

github

около 3 лет назад

HGiga C&Cmail contains a SQL Injection vulnerability which allows attackers to injecting SQL commands in the URL parameter to execute unauthorized commands.