Vulnerability Details CVE-2020-27660
SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.022
EPSS Ranking 83.7%
CVSS Severity
CVSS v3 Score 9.6
CVSS v2 Score 10.0
References
- https://github.com/thomasfady/Synology_SA_20_25
- https://www.synology.com/security/advisory/Synology_SA_20_25
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087
- https://github.com/thomasfady/Synology_SA_20_25
- https://www.synology.com/security/advisory/Synology_SA_20_25
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087
Products affected by CVE-2020-27660
-
cpe:2.3:a:synology:safeaccess:-