3 matches found
CVE-2020-21152
SQL Injection vulnerability in inxedu 2.0.6 allows attackers to execute arbitrary commands via the functionIds parameter to /saverolefunction...
CVE-2020-21152
SQL Injection vulnerability in inxedu 2.0.6 allows attackers to execute arbitrary commands via the functionIds parameter to /saverolefunction...
CVE-2020-21152
The CVE-2020-21152 entry concerns inxedu 2.0.6 with a SQL injection in the /saverolefunction API via the functionIds parameter. The vulnerability could allow arbitrary command execution and carries a high impact (CVSS v3.1: 9.8, CRITICAL). Public details in the provided documents specify the vuln...