2 matches found
CVE-2020-36908
The CVE-2020-36908 entry concerns the Secure Computing SnapGear Management Console SG560 (v3.1.5). The vulnerability is a CSRF flaw that lets an attacker perform administrative actions without user consent by enticing a logged-in user to visit a malicious page; a crafted request can auto-create a...
CVE-2020-36909
CVE-2020-36909 affects SnapGear Management Console SG560 3.1.5. The vulnerability is described as an arbitrary file read/write through the edit_config_files CGI script, where authenticated users can manipulate POST parameters to the /cgi-bin/cgix/edit_config_files endpoint to access and modify fi...