CVE-2020-26525

Published
View on NVD ↗
CVSS v3
9.1
CRITICAL
CVSS v2
6.4
MEDIUM
Affected
1
PROJECT

Description

Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset originator parameter. This allows forcing the database and server to initiate remote connections to third party DNS servers.

lukaszstu/SmartAsset-SQLinj-CVE-2020-26525
lukaszstu/SmartAsset-SQLinj-CVE-2020-26525
Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset originator parameter.
GitHubGitHub
1