CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-12720

AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to mvc_send_mail.aspx (MailAdd parameter) SQL Injection. An Attacker can carry a SQL Injection payload to the server, allowing the attacker to read privileged data. This also affects the picture_manage_mvc.aspx plant_no parameter, the swapdl_mvc.aspx plant_no parameter, and the account_management.aspx Text_Postal_Code and Text_Dis_Code parameters.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 54.9%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://drive.google.com/file/d/1QYgj4FU0MjSIhgXwddg4L5no9KYn8E9v/view
https://www.exploit-db.com/exploits/47542
https://drive.google.com/file/d/1QYgj4FU0MjSIhgXwddg4L5no9KYn8E9v/view
https://www.exploit-db.com/exploits/47542

Products affected by CVE-2019-12720

Auo » Sunveillance Monitoring System & Data Recorder » Version: N/A

cpe:2.3:a:auo:sunveillance_monitoring_system_&_data_recorder:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-12720

Products

Pricing

Contact Us