CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-26944

An issue was discovered in Aptean Product Configurator 4.61.0000 on Windows. A Time based SQL injection affects the nameTxt parameter on the main login page (aka cse?cmd=LOGIN). This can be exploited directly, and remotely.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 64.9%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://www.aptean.com
https://www.logicallysecure.com/blog/sql-injection-in-aptean/
https://www.aptean.com
https://www.logicallysecure.com/blog/sql-injection-in-aptean/

Products affected by CVE-2020-26944

Aptean » Product Configurator » Version: 4.61.0000

cpe:2.3:a:aptean:product_configurator:4.61.0000
Microsoft » Windows » Version: N/A

cpe:2.3:o:microsoft:windows:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-26944

Products

Pricing

Contact Us