CVE-2020-10512
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
HGiga C&Cmail CCMAILQ before olln-calendar-6.0-100.i386.rpm and CCMAILN before olln-calendar-5.0-100.i386.rpm contains a SQL Injection vulnerability which allows attackers to injecting SQL commands in the URL parameter to execute unauthorized commands.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HGiga | C&Cmail | CCMAILQ before olln-calendar-6.0-100.i386.rpm | affected |
| HGiga | C&Cmail | CCMAILN before olln-calendar-5.0-100.i386.rpm | affected |
Weaknesses
- CWE-89: CWE-89 SQL Injection
ADP Enrichment
CVE Program Container
Additional References
- https://www.twcert.org.tw/tw/cp-132-3536-79545-1.html
- https://gist.github.com/tonykuo76/d52014bbe81995eda499201446aec57a
- https://www.chtsecurity.com/news/545daf88-adb4-4417-9870-426490c1429e
References
- https://www.twcert.org.tw/tw/cp-132-3536-79545-1.html
- https://gist.github.com/tonykuo76/d52014bbe81995eda499201446aec57a
- https://www.chtsecurity.com/news/545daf88-adb4-4417-9870-426490c1429e
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.