20 matches found
EUVD-2019-2463
Malware in sbrugna...
CVE-2019-10663
Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI...
CVE-2019-10662
Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI...
CVE-2024-0840
The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and...
CVE-2024-0840 Grandstream UCM Series IP PBX HTTP Parameter Injection
The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and...
CVE-2024-0840 Grandstream UCM Series IP PBX HTTP Parameter Injection
The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and...
CVE-2024-0840
CVE-2024-0840 affects Grandstream UCM Series IP PBX firmware versions prior to 1.0.20.52 (UCM6202/6204/6208/6510). A parameter injection vulnerability in the HTTP interface allows a remote, authenticated attacker to execute arbitrary code by sending a crafted HTTP request; authentication may be possible ...
Grandstream IP PBX Appliance UCM6204 < 1.0.19.20 RCE
Binary data 700492.prm...
Grandstream UCM6204 Command Injection Vulnerability
The Grandstream UCM6204 is an IP PBX (Private Branch eXchange) device from Grandstream. A security vulnerability exists in Grandstream UCM6204 versions prior to 1.0.19.20. An attacker can exploit the vulnerability to execute illegal commands...
Grandstream UCM6204 SQL Injection Vulnerability
The Grandstream UCM6204 is an IP PBX (Private Branch eXchange) device from Grandstream. A SQL injection vulnerability exists in the Grandstream UCM6204 prior to version 1.0.19.20, which arises from a database-based application that lacks validation of externally entered SQL statements. An attacker...
CVE-2019-10663
Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI...
Code injection
Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI...
CVE-2019-10663
Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI...
CVE-2019-10662
Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI...
SQL injection
Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI...
CVE-2019-10663
Grandstream UCM6204 is affected by CVE-2019-10663. Before version 1.0.19.20, remote authenticated users can perform a SQL injection via the sord parameter in the listCodeblueGroup API call to the /cgi? URI. Impact details are described across multiple sources, with the vulnerability enabling unin...
CVE-2019-10663
Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI...
CVE-2019-10662
Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI...
CVE-2019-10662
CVE-2019-10662 affects Grandstream UCM6204 devices running firmware prior to 1.0.19.20. The issue lets remote authenticated users execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter sent to the /cgi? URI. Root cause appears to be a command execution vulner...
PT-2019-11975 · Grandstream · Grandstream Ucm6204
Name of the Vulnerable Software and Affected Versions: Grandstream UCM6204 version 1.0.19.20 and earlier Description: The issue allows remote authenticated users to execute arbitrary code via shell metacharacters in the file-backup parameter to the "/cgi" API endpoint. Recommendations: For...