4 matches found
CVE-2019-14707
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The firmware update process is insecure, leading to remote code execution. The attacker can provide arbitrary firmware in a .dat file via a webparam?system&action=set&upgrade URI...
Remote code execution
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The firmware update process is insecure, leading to remote code execution. The attacker can provide arbitrary firmware in a .dat file via a webparam?system&action=set&upgrade URI...
Sql injection
An issue was discovered in MRCMS aka mushroom through 3.1.2. The WebParam.java file directly accepts the FIELDT parameter in a request and uses it as a hash of SQL statements without filtering, resulting in a SQL injection vulnerability in getChannel in the ChannelService.java file...
CVE-2018-17796
An issue was discovered in MRCMS aka mushroom through 3.1.2. The WebParam.java file directly accepts the FIELDT parameter in a request and uses it as a hash of SQL statements without filtering, resulting in a SQL injection vulnerability in getChannel in the ChannelService.java file...