Lucene search
+L

4 matches found

Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.415 views

Grandstream UCM62xx IP PBX WebSocket Blind SQL Injection Credential Dump

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Grandstream UCM62xx IP PBX WebSocket Blind SQL Injection Credential Dump', 'Description' = %q This module uses a blind SQL injection CVE-2020-572...

9.8CVSS7AI score0.11875EPSS
Exploits4
Metasploit
Metasploit
added 2022/02/17 5:42 p.m.146 views

Grandstream UCM62xx IP PBX WebSocket Blind SQL Injection Credential Dump

This module uses a blind SQL injection CVE-2020-5724 affecting the Grandstream UCM62xx IP PBX to dump the users table. The injection occurs over a websocket at the websockify endpoint, and specifically occurs when the user requests the challenge as part of a challenge and response authentication...

9.8CVSS9.2AI score0.11875EPSS
Exploits4
Circl
Circl
added 2022/02/15 5:41 p.m.13 views

CVE-2020-5724

creationtimestamp| type| source ---|---|--- 2022-02-15 17:41:31+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/grandstreamucm62xxsqlaccountguess.rb 2024-10-18 16:52:06+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/881...

7.5CVSS7.9AI score0.11875EPSS
Exploits3References2
CVE
CVE
added 2020/03/30 7:3 p.m.86 views

CVE-2020-5724

CVE-2020-5724 affects Grandstream UCM6200/UCM62xx devices prior to firmware 1.0.20.22. The vulnerability is an SQL injection in the HTTP server’s websockify endpoint that can be exploited by an unauthenticated remote attacker via the challenge action with a crafted username, potentially revealing...

7.5CVSS9AI score0.11875EPSS
Exploits3References1Affected Software1
Rows per page
Query Builder