CVE-2020-21152

Description

SQL Injection vulnerability in inxedu 2.0.6 allows attackers to execute arbitrary commands via the functionIds parameter to /saverolefunction.

Related CPE's

ainxeduinxedu2.0.6*******

References

http://8sec.cc/index.php/archives/330/

Broken Link

https://gitee.com/inxeduopen/inxedu/issues/I14DNG

ExploitIssue TrackingThird Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io