SQL Injection Vulnerability in UltraLog Express Device Management Interface

SQL Injection Vulnerability in UltraLog Express Device Management Interface

CVE-2020-3936 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.