The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17.
Metrics
Affected Vendors & Products
References
History
Thu, 06 Feb 2025 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
kev
|

Status: PUBLISHED
Assigner: tenable
Published: 2020-03-23T19:31:40.000Z
Updated: 2025-02-06T20:27:29.174Z
Reserved: 2020-01-06T00:00:00.000Z
Link: CVE-2020-5722

Updated: 2024-08-04T08:39:25.626Z

Status : Modified
Published: 2020-03-23T20:15:12.043
Modified: 2025-02-06T21:15:15.403
Link: CVE-2020-5722

No data.