Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 5:42 p.m.8 views

CVE-2020-5722

The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions befo...

10CVSS8.3AI score0.83926EPSS
Exploits8References1
Tenable Nessus
Tenable Nessus
added 2022/05/05 12:0 a.m.218 views

Grandstream Networks UCM6200 Series SQLi (SIP)

A SQL injection vulnerability exists in Grandstream UCM6200 Series devices. An unauthenticated, remote attacker can exploit this to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17. Note that Nessus has not tested...

10CVSS8.7AI score0.83926EPSS
Exploits8References2
Tenable Nessus
Tenable Nessus
added 2022/05/05 12:0 a.m.212 views

Grandstream Networks UCM6200 Series SQLi (Web UI)

A SQL injection vulnerability exists in Grandstream UCM6200 Series devices. An unauthenticated, remote attacker can exploit this to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17. Note that Nessus has not tested...

10CVSS8.7AI score0.83926EPSS
Exploits8References2
Rapid7 Blog
Rapid7 Blog
added 2022/01/28 4:49 p.m.73 views

Metasploit Weekly Wrap-Up

I'm sure you know what's coming, more Log4Shell For those wondering when the Log4Shell remediation nightmare will end, I'm afraid I can't give you that. What I can give you, though, is a new Log4Shell module! With the new module from zeroSteiner you can expect to get unauthenticated RCE on the...

10CVSS0.2AI score0.99999EPSS
Exploits362
0day.today
0day.today
added 2022/01/25 12:0 a.m.360 views

Grandstream UCM62xx IP PBX sendPasswordEmail Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated SQL injection vulnerability and a command injection vulnerability affecting the Grandstream UCM62xx IP PBX series of devices. The vulnerabilities allow an unauthenticated remote attacker to execute commands as root. This module requires Metasploi...

9.8CVSS10AI score0.83926EPSS
Exploits8
Check Point Advisories
Check Point Advisories
added 2020/10/07 12:0 a.m.35 views

Grandstream UCM6202 Command Injection (CVE-2020-5722)

A command injection vulnerability exists in Grandstream UCM6202. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

10CVSS5.7AI score0.83926EPSS
Exploits8
Circl
Circl
added 2020/04/10 4:33 p.m.22 views

CVE-2020-5722

creationtimestamp| type| source ---|---|--- 2020-04-10 16:33:40+00:00| exploited| https://t.me/truesecator/456 2020-04-13 09:10:02+00:00| exploited| https://t.me/SecLabNews/7334 2020-10-09 14:02:50+00:00| seen| MISP/3e3792b8-d224-49c1-adcb-cf1dafc6174d 2020-10-15 15:07:04+00:00| seen|...

10CVSS7.3AI score0.83926EPSS
Exploits8References12
0day.today
0day.today
added 2020/03/24 12:0 a.m.388 views

UCM6202 1.0.18.13 - Remote Command Injection Exploit

Exploit for hardware platform in category web applications Exploit Title: UCM6202 1.0.18.13 - Remote Command Injection Exploit Author: Jacob Baines Vendor: http://www.grandstream.com Product Link: http://www.grandstream.com/products/ip-pbxs/ucm-series-ip-pbxs/product/ucm6200-series Tested on:...

9.5AI score0.83926EPSS
Exploits8
Exploit DB
Exploit DB
added 2020/03/24 12:0 a.m.348 views

UCM6202 1.0.18.13 - Remote Command Injection

Exploit Title: UCM6202 1.0.18.13 - Remote Command Injection Date: 2020-03-23 Exploit Author: Jacob Baines Vendor: http://www.grandstream.com Product Link: http://www.grandstream.com/products/ip-pbxs/ucm-series-ip-pbxs/product/ucm6200-series Tested on: UCM6202 1.0.18.13 CVE : CVE-2020-5722 Shodan...

10CVSS9.5AI score0.83926EPSS
Exploits8
CVE
CVE
added 2020/03/23 7:31 p.m.1093 views

CVE-2020-5722

The Grandstream UCM6200 series (UCM62xx) is affected by CVE-2020-5722: an unauthenticated remote SQL injection via crafted HTTP requests in the HTTP interface, with potential to execute shell commands as root on versions before 1.0.19.20 and to inject HTML in password recovery emails on versions ...

10CVSS9.9AI score0.83926EPSS
In wildExploits8References4Affected Software1
Vulnrichment
Vulnrichment
added 2020/03/23 7:31 p.m.7 views

CVE-2020-5722

The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions befo...

10AI score0.83926EPSS
Exploits8References3
Rows per page
Query Builder