Vulnerability Details CVE-2020-13127
A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.04.1 allows remote authenticated attackers to execute arbitrary SQL commands via the TASKS_LIST__pt.querystring parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.9%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
Products affected by CVE-2020-13127
-
cpe:2.3:a:loway:queuemetrics:-
-
cpe:2.3:a:loway:queuemetrics:12.01
-
cpe:2.3:a:loway:queuemetrics:12.02
-
cpe:2.3:a:loway:queuemetrics:12.05
-
cpe:2.3:a:loway:queuemetrics:12.10
-
cpe:2.3:a:loway:queuemetrics:13.04
-
cpe:2.3:a:loway:queuemetrics:13.12
-
cpe:2.3:a:loway:queuemetrics:14.03
-
cpe:2.3:a:loway:queuemetrics:14.06
-
cpe:2.3:a:loway:queuemetrics:14.10
-
cpe:2.3:a:loway:queuemetrics:15.02
-
cpe:2.3:a:loway:queuemetrics:15.10
-
cpe:2.3:a:loway:queuemetrics:16.09
-
cpe:2.3:a:loway:queuemetrics:17.06
-
cpe:2.3:a:loway:queuemetrics:17.06.1
-
cpe:2.3:a:loway:queuemetrics:18.04
-
cpe:2.3:a:loway:queuemetrics:19.04