2 matches found
Grandstream UCM6200 SQL Injection Vulnerability (CNVD-2020-20680)
The Grandstream UCM6200 is an enterprise-class switch for IP telephony communications from Grandstream. A SQL injection vulnerability exists in the Grandstream UCM6200 series prior to version 1.0.20.22. The vulnerability stems from a database-based application that lacks validation of externally...
PT-2020-18647 · Grandstream · Grandstream UCM6200
Name of the Vulnerable Software and Affected Versions: Grandstream UCM6200 series versions prior to 1.0.20.22
Description: The issue allows a remote unauthenticated attacker to perform an SQL injection via the HTTP server's websockify endpoint. By invoking the challenge action with a crafted...