SQL Injection Vulnerability in UltraLog Express Device Management Interface
CVE-2020-3936 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.