PT-2020-12182 · Hgiga · Ccmailn+1

Tony Kuo · Published 2020-04-15 · Updated 2020-04-30 · CVE-2020-10512

CVSS v2.0: 9.0 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

HGiga C&Cmail CCMAILQ versions before olln-calendar-6.0-100.i386.rpm
HGiga C&Cmail CCMAILN versions before olln-calendar-5.0-100.i386.rpm

Description

The issue allows attackers to inject SQL commands in the URL parameter to execute unauthorized commands. This is a SQL Injection vulnerability.

Recommendations

For CCMAILQ versions before olln-calendar-6.0-100.i386.rpm, update to a version after olln-calendar-6.0-100.i386.rpm.
For CCMAILN versions before olln-calendar-5.0-100.i386.rpm, update to a version after olln-calendar-5.0-100.i386.rpm.
As a temporary workaround, consider restricting access to the URL parameter to minimize the risk of exploitation.

Fix

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2020-10512

Affected Products

Ccmailn
Ccmailq