
CVE-2020-3935: Dr.ID SQL Injection and Information exposure

Dr.ID, a door access control and personnel attendance management system from TAIWAN SECOM CO., LTD., stores users’ information in cleartext in the cookie, which discloses the password to attackers.


> [CVE Numbers and CVSS Scores]

> CVE-2020-3933 (5.3)

> CVE-2020-3934 (9.8)

> CVE-2020-3935 (7.5)

> ------------------------------------------

>

> [Vulnerability Type]

> SQL Injection

> Information exposure

> ------------------------------------------

>

> [Vendor of Product]

> SECOM

>

> ------------------------------------------

>

> [Affected Product Code Base]

> Dr.ID

>

> ------------------------------------------

>

> [Affected Component]

> 門禁(Access control) Ver 3.3.2 考勤(Attendance) Ver 3.3.0.3_20160517

> ------------------------------------------

>

> [Attack Type]

> Remote

>

> ------------------------------------------

>

> [Impact Code execution]

> true

>

> ------------------------------------------

> [Mitigations]

> Update to 門禁(Access control) Ver 3.5.4 考勤(Attendance) Ver 3.4.0.0.3.05_20191112

>

> [Reference]

>

> https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-3934

> https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-3935

> https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-3934

> ------------------------------------------

>

> [Discoverer]

> CHT Security/hans
