4 matches found
CVE-2020-25034
eMPS prior to eMPS 9.0 FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort, sortby, searchURL, or searchattachment parameter to the email search feature...
Sql injection
eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sortby parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3. NOTE: this is different from CVE-2020-25034 and affects newer versions of the...
CVE-2020-25034
eMPS prior to eMPS 9.0 FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort, sortby, searchURL, or searchattachment parameter to the email search feature...
CVE-2020-25034
CVE-2020-25034 affects eMPS prior to 9.0 on FireEye EX 3500 devices. The issue allows remote authenticated users to perform SQL injection via the email search feature’s parameters (sort, sort_by, search{URL], search[attachment]). The underlying root cause is unsafely constructed SQL in the email ...