Vulnerability Details CVE-2020-3936
UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.0%
CVSS Severity
CVSS v3 Score 10.0
CVSS v2 Score 7.5
References
Products affected by CVE-2020-3936
-
cpe:2.3:h:unisoon:ultralog_express:-
-
cpe:2.3:o:unisoon:ultralog_express_firmware:1.4.0