Sql injection

2020-06-1620:15:00

PRIOn knowledge base

www.prio-n.com

9.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.7%

JSON

A CWE-89:Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered.

CPENameOperatorVersion
mtn6260-0310_firmwarelt1.4.2
mtn6260-0315_firmwarelt1.4.2
mtn6260-0410_firmwarelt1.4.2
mtn6260-0415_firmwarelt1.4.2
mtn6501-0001_firmwarelt1.4.2
mtn6501-0002_firmwarelt1.4.2

Name	Operator	Version
mtn6260-0310_firmware	lt	1.4.2
mtn6260-0315_firmware	lt	1.4.2
mtn6260-0410_firmware	lt	1.4.2
mtn6260-0415_firmware	lt	1.4.2
mtn6501-0001_firmware	lt	1.4.2
mtn6501-0002_firmware	lt	1.4.2

References

www.se.com/ww/en/download/document/SEVD-2020-133-03/