CVE-2020-36631

Published: Dic 25, 2022 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2020-24086 Aliases: GSD-2020-36631

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,3

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: low

Integrity: low

Availability: low

Description

AI Translation Available

A vulnerability was found in barronwaffles dwc_network_server_emulator. It has been declared as critical. This vulnerability affects the function update_profile of the file gamespy/gs_database.py. The manipulation of the argument firstname/lastname leads to sql injection. The attack can be initiated remotely. The name of the patch is f70eb21394f75019886fbc2fb536de36161ba422. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216772.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0006

Percentile

0,2th

Updated

EPSS Score Trend (Last 90 Days)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Availability Authentication Access Control

Potential Impacts:

Execute Unauthorized Code Or Commands Read Application Data Gain Privileges Or Assume Identity Bypass Protection Mechanism Modify Application Data

Applicable Platforms

Languages: Not Language-Specific, SQL

Technologies: Database Server

Likelihood of Exploit: High

View CWE Details

Application

Dwc Network Server Emulator by Dwc Network Server Emulator Project

Product Information

Vendor Dwc Network Server Emulator Project

Product Dwc Network Server Emulator

Version Range Affected

To 2020-07-10 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:dwc_network_server_emulator_project:dwc_network_server_emulator:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://github.com/barronwaffles/dwc_network_server_emulato…

Patch Third Party Advisory

https://github.com/barronwaffles/dwc_network_server_emulator/commit/f70eb21394f…

https://github.com/barronwaffles/dwc_network_server_emulato…

Patch Third Party Advisory

https://github.com/barronwaffles/dwc_network_server_emulator/pull/538

https://vuldb.com/?ctiid.216772

Third Party Advisory

https://vuldb.com/?ctiid.216772

https://vuldb.com/?id.216772

Third Party Advisory

https://vuldb.com/?id.216772

https://github.com/barronwaffles/dwc_network_server_emulato…

Patch Third Party Advisory

https://github.com/barronwaffles/dwc_network_server_emulator/commit/f70eb21394f…

https://github.com/barronwaffles/dwc_network_server_emulato…

Patch Third Party Advisory

https://github.com/barronwaffles/dwc_network_server_emulator/pull/538

https://vuldb.com/?ctiid.216772

Third Party Advisory

https://vuldb.com/?ctiid.216772

https://vuldb.com/?id.216772

Third Party Advisory

https://vuldb.com/?id.216772

CVE-2020-36631

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Common Consequences

Applicable Platforms

Dwc Network Server Emulator by Dwc Network Server Emulator Project

Product Information

Iscriviti alla newsletter