CVE-2020-29474

Опубликовано: 24 дек. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

EGavilan Media EGM Address Book 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution.

Ссылки

https://systemweakness.com/cve-2020-29474-egavilanmedia-address-book-1-0-exploit-sqli-auth-bypass-228cd4864262
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/49182
Exploit
Third Party Advisory
VDB Entry
https://systemweakness.com/cve-2020-29474-egavilanmedia-address-book-1-0-exploit-sqli-auth-bypass-228cd4864262
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/49182
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:egavilanmedia:egm_address_book:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 83%

0.01983

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-8j5p-76rr-8r3x

github

больше 3 лет назад