Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-25143

Опубликовано: 25 сент. 2020
Источник: nvd
CVSS3: 8.8
CVSS2: 6.5
EPSS Низкий

Описание

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via /ajax/device_entities.php?entity_type=netscalervsvr&device_id[]= because of /ajax/device_entities.php.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:observium:observium:20.8.10631:*:*:*:community:*:*:*
cpe:2.3:a:observium:observium:20.8.10631:*:*:*:enterprise:*:*:*
cpe:2.3:a:observium:observium:20.8.10631:*:*:*:professional:*:*:*

EPSS

Процентиль: 49%
0.00257
Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

github логотип

GHSA-jx9f-93fm-j74w

github
больше 3 лет назад

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via /ajax/device_entities.php?entity_type=netscalervsvr&device_id[]= because of /ajax/device_entities.php.

EPSS

Процентиль: 49%
0.00257
Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89