Lucene search

INCIBECVELIST:CVE-2020-8967

HistoryJun 01, 2020 - 12:00 a.m.

CVE-2020-8967 GESIO SQL injection vulnerability

2020-06-0100:00:00

CWE-89

INCIBE

www.cve.org

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.5%

JSON

There is an improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability in php files of GESIO ERP. GESIO ERP all versions prior to 11.2 allows malicious users to retrieve all database information.

CNA Affected

[
  {
    "product": "GESIO ERP",
    "vendor": "Gesio (GESTIÓN INTEGRAL ONLINE, SL)",
    "versions": [
      {
        "lessThan": "11.2",
        "status": "affected",
        "version": "11.2",
        "versionType": "custom"
      }
    ]
  }
]

References

www.incibe-cert.es/en/early-warning/security-advisories/gesio-sql-injection-vulnerability

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.5%

JSON

Related for CVELIST:CVE-2020-8967