3 matches found
CVE-2020-9406
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service...
CVE-2020-9406
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service...
CVE-2020-9406
IBL Online Weather before 4.3.5a is affected by an unauthenticated eval injection via the Auxiliary Service’s queryBCP method. The vulnerability affects versions prior to 4.3.5a and stems from the queryBCP component allowing injection of code without authentication, enabling potential remote code...