2 matches found
CVE-2020-15008
A SQLi exists in the probe code of all Connectwise Automate versions before 2020.7 or 2019.12. A SQL Injection in the probe implementation to save data to a custom table exists due to inadequate server side validation. As the code creates dynamic SQL for the insert statement and utilizes the user...
CVE-2020-15008
Summary: CVE-2020-15008 affects ConnectWise Automate prior to 2020.7 and the 2019.12 hotfix, where the probe code contains a SQL injection flaw in the data insertion path. The vulnerability arises from dynamic SQL construction that uses a user-supplied table name with minimal validation, enabling...