Command Injection Vulnerability in GaussDB 200 (Version 6.5.1)

Command Injection Vulnerability in GaussDB 200 (Version 6.5.1)

CVE-2020-1790 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

GaussDB 200 with version of 6.5.1 have a command injection vulnerability. The software constructs part of a command using external input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands.

Learn more about our External Network Penetration Testing.