2 matches found
CVE-2020-23282
SQL injection in Logon Page in MV's mConnect application, v02.001.00, allows an attacker to use a non existing user with a generic password to connect to the application and get access to unauthorized information...
CVE-2020-23282
The CVE-2020-23282 issue is a SQL injection in the login page of MV’s mConnect application (v02.001.00). The root cause is improper input handling on the Logon Page, enabling an attacker to bypass authentication by using a non-existent user with a generic password to access unauthorized informati...