CVEs-PoC/2020/CVE-2020-5722.md at b0e96c877abb080d7cf221c036336480ff266ccf

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-09 15:15:46 +02:00

Files

T

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17.

POC

Reference

http://packetstormsecurity.com/files/156876/UCM6202-1.0.18.13-Remote-Command-Injection.html
http://packetstormsecurity.com/files/165708/Grandstream-UCM62xx-IP-PBX-sendPasswordEmail-Remote-Code-Execution.html
https://www.tenable.com/security/research/tra-2020-15

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

1.1 KiB Raw Blame History

CVE-2020-5722

Description

POC

Reference

Github

1.1 KiB

Raw Blame History