Unisoon: Security Vulnerabilities
UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Any user can access the privileged page to manage accounts through specific system directory.
CVSS Score
8.1
EPSS Score
0.008
Published
2020-03-27
UltraLog Express device management software stores user’s information in cleartext. Any user can obtain accounts information through a specific page.
CVSS Score
8.6
EPSS Score
0.007
Published
2020-03-27
UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command.
CVSS Score
10.0
EPSS Score
0.012
Published
2020-03-27