Vulnerability Details CVE-2020-3936
UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 65.4%
CVSS Severity
CVSS v3 Score 10.0
CVSS v2 Score 7.5
References
Products affected by CVE-2020-3936
-
cpe:2.3:h:unisoon:ultralog_express:-
-
cpe:2.3:o:unisoon:ultralog_express_firmware:1.4.0