CVE-2020-3937

Description

SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 20191223, allowing attackers to perform unwanted SQL queries and access arbitrary file in the database.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Changing / Syuan-Gu-Da-Shih0 – 20191223

References

MISChttps://tvn.twcert.org.tw/taiwanvn/TVN-201910013
MISChttps://www.chtsecurity.com/news/a791f509-9782-4be1-b71f-22fc619f8215