CVE-2020-10582

Name of the Vulnerable Software and Affected Versions Invigo Automatic Device Management (ADM) versions through 5.0

Description The issue allows remote attackers to execute arbitrary SQL requests, including data reading and modification, on the database through a SQL injection on the "/admin/display errors.php" script.

Recommendations For Invigo Automatic Device Management (ADM) versions through 5.0, consider restricting access to the "/admin/display errors.php" script until a patch is available. As a temporary workaround, avoid using sensitive database operations in the affected script to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.