PT-2020-15061 · Huawei · Gaussdb 200
Published
2020-02-18
·
Updated
2021-07-21
·
CVE-2020-1790
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
GaussDB 200 version 6.5.1
Description
The issue arises from the software's construction of commands using external input from users without sufficient validation of the input. This allows an attacker to potentially inject certain commands.
Recommendations
For GaussDB 200 version 6.5.1, ensure that user input is thoroughly validated to prevent command injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gaussdb 200