exploitDog

CVE-2020-23282

Опубликовано: 21 июл. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

SQL injection in Logon Page in MV's mConnect application, v02.001.00, allows an attacker to use a non existing user with a generic password to connect to the application and get access to unauthorized information.

Ссылки

https://github.com/ifmacedo/mconnect/blob/main/SQLinjection
Exploit
Third Party Advisory
https://www.linkedin.com/pulse/mconnect-mv-sql-injection-parcial-iran/
Third Party Advisory
https://github.com/ifmacedo/mconnect/blob/main/SQLinjection
Exploit
Third Party Advisory
https://www.linkedin.com/pulse/mconnect-mv-sql-injection-parcial-iran/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mv:mconnect:02.001.00:*:*:*:*:*:*:*

cpe:2.3:a:mv:mconnect:2013.1.6.8:*:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.00238

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-hmx5-gpvw-gpv4

github

больше 3 лет назад

SQL injection in Logon Page in MV's mConnect application, v02.001.00, allows an attacker to use a non existing user with a generic password to connect to the application and get access to unauthorized information.

EPSS

Процентиль: 47%

0.00238

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-89