
20 matches found

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2019-2463

Malware in sbrugna...

CVSS: 8.8 · AI score: 8.8 · EPSS: 0.0357
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/22 10:24 a.m. · 6 views

CVE-2019-10663

Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI...

CVSS: 8.8 · AI score: 7.6 · EPSS: 0.0357
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 7:07 a.m. · 7 views

CVE-2019-10662

Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI...

CVSS: 9 · AI score: 7.7 · EPSS: 0.06893
Exploits: 3 · References: 1

NVD
added 2024/04/29 7:15 p.m. · 18 views

CVE-2024-0840

The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and...

CVSS: 8.8 · AI score: 8.8 · EPSS: 0.00291
Exploits: 0 · References: 1

Cvelist
added 2024/04/29 6:42 p.m. · 24 views

CVE-2024-0840 Grandstream UCM Series IP PBX HTTP Parameter Injection

The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and...

CVSS: 8.8 · AI score: 9 · EPSS: 0.00291
Exploits: 0 · References: 1

Vulnrichment
added 2024/04/29 6:42 p.m. · 18 views

CVE-2024-0840 Grandstream UCM Series IP PBX HTTP Parameter Injection

The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and...

CVSS: 8.8 · AI score: 8 · EPSS: 0.00291
Exploits: 0 · References: 1

CVE
added 2024/04/29 6:42 p.m. · 55 views

CVE-2024-0840

CVE-2024-0840 affects Grandstream UCM Series IP PBX firmwares prior to 1.0.20.52 (UCM6202/6204/6208/6510). A parameter injection vulnerability in the HTTP interface allows a remote, authenticated attacker to execute arbitrary code by sending a crafted HTTP request; authentication may be possible ...

CVSS: 8.8 · AI score: 8 · EPSS: 0.00291
Exploits: 0 · References: 1

Tenable Nessus
added 2019/04/05 12:00 a.m. · 33 views

Grandstream IP PBX Appliance UCM6204 < 1.0.19.20 RCE

Binary data 700492.prm...

CVSS: 9 · AI score: 8.9 · EPSS: 0.06893
Exploits: 3 · References: 5

CNVD
added 2019/04/02 12:00 a.m. · 2 views

Grandstream UCM6204 Command Injection Vulnerability

The Grandstream UCM6204 is an IP PBX Private Branch eXchange device from Grandstream. A security vulnerability exists in the Grandstream UCM6204 versions prior to 1.0.19.20. An attacker can exploit the vulnerability to execute illegal commands...

CVSS: 9 · AI score: 7.1 · EPSS: 0.06893
Exploits: 3 · References: 1

CNVD
added 2019/04/02 12:00 a.m. · 1 view

Grandstream UCM6204 SQL Injection Vulnerability

The Grandstream UCM6204 is an IP PBX Private Branch eXchange device from Grandstream. A SQL injection vulnerability exists in the Grandstream UCM6204 prior to version 1.0.19.20, which arises from a database-based application that lacks validation of externally entered SQL statements. An attacker...

CVSS: 8.8 · AI score: 8.1 · EPSS: 0.0357
Exploits: 0 · References: 1

NVD
added 2019/03/30 5:29 p.m. · 20 views

CVE-2019-10663

Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI...

CVSS: 8.8 · AI score: 8.7 · EPSS: 0.0357
Exploits: 0 · References: 1

Prion
added 2019/03/30 5:29 p.m. · 18 views

Code injection

Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI...

CVSS: 9 · AI score: 9.3 · EPSS: 0.06893
Exploits: 3 · References: 2 · Affected Software: 1

OSV
added 2019/03/30 5:29 p.m. · 1 view

CVE-2019-10663

Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI...

CVSS: 8.8 · AI score: 7.4
Exploits: 0 · References: 1

NVD
added 2019/03/30 5:29 p.m. · 26 views

CVE-2019-10662

Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI...

CVSS: 9 · AI score: 8.8 · EPSS: 0.06893
Exploits: 3 · References: 2

Prion
added 2019/03/30 5:29 p.m. · 19 views

Sql injection

Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI...

CVSS: 6.5 · AI score: 8.7 · EPSS: 0.0357
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2019/03/30 4:43 p.m. · 49 views

CVE-2019-10663

Grandstream UCM6204 is affected by CVE-2019-10663. Before version 1.0.19.20, remote authenticated users can perform a SQL injection via the sord parameter in the listCodeblueGroup API call to the /cgi? URI. Impact details are described across multiple sources, with the vulnerability enabling unin...

CVSS: 8.8 · AI score: 9 · EPSS: 0.0357
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2019/03/30 4:43 p.m. · 23 views

CVE-2019-10663

Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI...

AI score: 9.1 · EPSS: 0.0357
Exploits: 0 · References: 1

Cvelist
added 2019/03/30 4:43 p.m. · 24 views

CVE-2019-10662

Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI...

AI score: 9.3 · EPSS: 0.06893
Exploits: 3 · References: 2

CVE
added 2019/03/30 4:43 p.m. · 60 views

CVE-2019-10662

CVE-2019-10662 affects Grandstream UCM6204 devices running firmware prior to 1.0.19.20. The issue lets remote authenticated users execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter sent to the /cgi? URI. Root cause appears to be a command execution vulner...

CVSS: 9 · AI score: 9.2 · EPSS: 0.06893
Exploits: 3 · References: 2 · Affected Software: 1

Positive Technologies
added 2019/03/30 12:00 a.m. · 2 views

PT-2019-11975 · Grandstream · Grandstream Ucm6204

Name of the Vulnerable Software and Affected Versions: Grandstream UCM6204 version 1.0.19.20 and earlier
Description: The issue allows remote authenticated users to execute arbitrary code via shell metacharacters in the file-backup parameter to the "/cgi" API endpoint.
Recommendations: For...

CVSS: 9 · AI score: 8.7 · EPSS: 0.06893
Exploits: 3 · References: 3