Vulnerability Details CVE-2020-35337
ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2020-35337
-
cpe:2.3:a:thinksaas:thinksaas:2.6
-
cpe:2.3:a:thinksaas:thinksaas:2.7
-
cpe:2.3:a:thinksaas:thinksaas:2.91
-
cpe:2.3:a:thinksaas:thinksaas:3.1
-
cpe:2.3:a:thinksaas:thinksaas:3.2
-
cpe:2.3:a:thinksaas:thinksaas:3.21
-
cpe:2.3:a:thinksaas:thinksaas:3.22
-
cpe:2.3:a:thinksaas:thinksaas:3.23
-
cpe:2.3:a:thinksaas:thinksaas:3.3
-
cpe:2.3:a:thinksaas:thinksaas:3.33