6 matches found
CVE-2020-10580
The CVE-2020-10580 entry describes a command injection in Invigo Automatic Device Management (ADM) via the /admin/broadcast.php script, affecting ADM versions through 5.0. The underlying flaw enables remote authenticated attackers to execute arbitrary PHP code on the server as the application use...
CVE-2020-10582
CVE-2020-10582 describes a SQL injection in Invigo Automatic Device Management (ADM) prior to or including version 5.0, affecting the script at /admin/display_errors.php. The underlying issue allows remote attackers to execute arbitrary SQL queries against the database, with potential data readin...
CVE-2020-10583
CVE-2020-10583 affects Invigo Automatic Device Management (ADM) up to version 5.0. The vulnerability is an arbitrary OS command injection in the /admin/admapi.php script, exploitable by remote authenticated attackers who execute commands on the server as the application user. This is documented a...
CVE-2020-10584
CVE-2020-10584 is a directory traversal vulnerability affecting Invigo Automatic Device Management (ADM) via the /admin/search_by.php script, reported for ADM 5.0 and earlier. The root cause is directory traversal that allows remote attackers to read arbitrary files on the server accessible to th...
CVE-2020-10579
The CVE-2020-10579 vulnerability affects Invigo Automatic Device Management (ADM) up to and including version 5.0, in the /admin/sysmon.php script. A directory traversal flaw allows remote attackers to list contents of arbitrary server directories accessible to the application user, enabling disc...
CVE-2020-10581
Invigo Automatic Device Management (ADM) up to version 5.0 contains multiple session validity check issues in several administration functions. The Red Hat/CVE, NVD, CNVD, CVE listings and related advisories describe a vulnerability that could allow remote attackers to read potentially sensitive ...