Telestream · Telestream Tektronix Sentry · CVE-2020-8887
**Name of the Vulnerable Software and Affected Versions**
Telestream Tektronix Medius versions prior to 10.7.5
Telestream Tektronix Sentry versions prior to 10.7.5
**Description**
The issue allows an unauthenticated attacker to perform SQL injection, enabling them to dump database contents. This is achieved by exploiting the `page` parameter in a `page=login` request to the "index.php" endpoint, specifically targeting the server login page.
**Recommendations**
For Telestream Tektronix Medius versions prior to 10.7.5, update to version 10.7.5 or later.
For Telestream Tektronix Sentry versions prior to 10.7.5, update to version 10.7.5 or later.