2 matches found
CVE-2020-15008
Summary: CVE-2020-15008 affects ConnectWise Automate prior to 2020.7 and the 2019.12 hotfix, where the probe code contains a SQL injection flaw in the data insertion path. The vulnerability arises from dynamic SQL construction that uses a user-supplied table name with minimal validation, enabling...
CVE-2021-32582
The CVE-2021-32582 entry concerns ConnectWise Automate (before 2021.5). The vulnerability is a blind SQL injection in the core agent inventory communication, exposed via crafted monitor status responses. The issue could allow an attacker to extract database information or administrative credentia...