Headline

CVE-2020-3935: Dr.ID SQL Injection and Information exposure

TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, stores users’ information by cleartext in the cookie, which divulges password to attackers.

4 years ago

CVE

Open in Source

#sql #vulnerability

> [CVE Numbers and CVSS Scores]

> CVE-2020-3933 (5.3)

> CVE-2020-3934 (9.8)

> CVE-2020-3935 (7.5)

> ------------------------------------------

> [Vulnerability Type]

> SQL Injection

> Information exposure

> ------------------------------------------

> [Vendor of Product]

> SECOM

> ------------------------------------------

> [Affected Product Code Base]

> Dr.ID

> ------------------------------------------

> [Affected Component]

> 門禁(Access control) Ver 3.3.2 考勤(Attendance) Ver 3.3.0.3_20160517

> ------------------------------------------

> [Attack Type]

> Remote

> ------------------------------------------

> [Impact Code execution]

> true

> ------------------------------------------

> [Mitigations]

> Update to 門禁(Access control) Ver 3.5.4 考勤(Attendance) Ver 3.4.0.0.3.05_20191112

> [Reference]

> https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-3934

> https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-3935

> https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-3934

> ------------------------------------------

> [Discoverer]

> CHT Security/hans

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

10 months ago

10 months ago

10 months ago

10 months ago

10 months ago