Unisoon: >> Ultralog Express Security Vulnerabilities
UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Any user can access the privileged page to manage accounts through specific system directory.
CVSS Score
8.1
EPSS Score
0.003
Published
2020-03-27
UltraLog Express device management software stores user’s information in cleartext. Any user can obtain accounts information through a specific page.
CVSS Score
8.6
EPSS Score
0.002
Published
2020-03-27
UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command.
CVSS Score
10.0
EPSS Score
0.004
Published
2020-03-27