Lucene search
+L

5 matches found

exploitpack
exploitpack
added 2020/03/31 12:0 a.m.275 views

Grandstream UCM6200 Series WebSocket 1.0.20.20 - user_password SQL Injection

Grandstream UCM6200 Series WebSocket 1.0.20.20 - userpassword SQL Injection Exploit Title: Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'userpassword' SQL Injection Date: 2020-03-30 Exploit Author: Jacob Baines Vendor Homepage: http://www.grandstream.com/ Software Link:...

0.2AI score0.01709EPSS
Exploits5
0day.today
0day.today
added 2020/03/31 12:0 a.m.239 views

Grandstream UCM6200 Series WebSocket 1.0.20.20 - (user_password) SQL Injection Exploit

Exploit for hardware platform in category web applications Exploit Title: Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'userpassword' SQL Injection Exploit Author: Jacob Baines Vendor Homepage: http://www.grandstream.com/ Software Link:...

0.3AI score0.01709EPSS
Exploits5
Packet Storm
Packet Storm
added 2020/03/31 12:0 a.m.208 views

Grandstream UCM6200 Series WebSocket 1.0.20.20 SQL Injection

Exploit Title: Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'userpassword' SQL Injection Date: 2020-03-30 Exploit Author: Jacob Baines Vendor Homepage: http://www.grandstream.com/ Software Link: http://www.grandstream.com/support/firmware/ucm62xx-official-firmware Version: 1.0.20.20 and below...

4.3CVSS0.2AI score0.01709EPSS
Exploits5
OSV
OSV
added 2020/03/30 8:15 p.m.7 views

CVE-2020-5725

The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the login action with a crafted username and, through the use of timing attacks, can discover user passwords...

5.9CVSS5.8AI score0.01709EPSS
Exploits5References2
CVE
CVE
added 2020/03/30 7:3 p.m.104 views

CVE-2020-5725

CVE-2020-5725 affects Grandstream UCM6200 series prior to version 1.0.20.22. The vulnerability is an SQL injection in the HTTP server’s websockify endpoint that allows a remote, unauthenticated attacker to trigger a login action with a crafted username and, via timing attacks, disclose user passw...

5.9CVSS6.2AI score0.01709EPSS
Exploits5References2Affected Software1
Rows per page
Query Builder