CVE-2020-7500
Published 2020-06-16. CVE-2020-7500: A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in U.motion Servers and Touch Panels…
Priority P2 · 60 · critical · 9.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.90% (77.1st percentile)
A CWE-89:Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered.
Affected (7 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chrome_chrome | — | — | |
| schneider-electric | mtn6260-0310_firmware | < 1.4.2 | 1.4.2 |
| schneider-electric | mtn6260-0315_firmware | < 1.4.2 | 1.4.2 |
| schneider-electric | mtn6260-0410_firmware | < 1.4.2 | 1.4.2 |
| schneider-electric | mtn6260-0415_firmware | < 1.4.2 | 1.4.2 |
| schneider-electric | mtn6501-0001_firmware | < 1.4.2 | 1.4.2 |
| schneider-electric | mtn6501-0002_firmware | < 1.4.2 | 1.4.2 |
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
GHSA
GHSA-pvq3-jwgr-p6qw · ghsa_unreviewed · 2022-05-24 · CVE-2020-7500 [HIGH] · CWE-89
A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered.
Chrome
Stable Channel Update for Desktop: CVE-2021-21109
vendor_chrome · 2021-01-06 · CVSS 9.6 · Severity: high
CVE-2021-21109: Use after free in payments. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2020-11-24.
[$15000][1152451] High CVE-2021-21110: Use after free in safe browsing. Reported by Anonymous on 2020-11-24.
[$7500][1149125] High CVE-2021-21111: Insufficient policy enforcement in WebUI.
Chrome
Stable Channel Update for Desktop: CVE-2020-16025
vendor_chrome · 2020-11-17 · CVSS 9.6 · Severity: high
CVE-2020-16025: Heap buffer overflow in clipboard. Reported by Sergei Glazunov of Google Project Zero on 2020-11-10.
[$TBD][1125614] High CVE-2020-16045: Use after free in Payments. Reported by Man Yue Mo of GitHub Security Lab on 2020-09-07.
[$7500][1139153] Medium CVE-2020-16026: Use after free in WebRTC.
Chrome
Stable Channel Update for Desktop: CVE-2020-16014
vendor_chrome · 2020-11-17 · CVSS 9.6 · Severity: high
CVE-2020-16014: Use after free in PPAPI. Reported by Rong Jian and Leecraso of 360 Alpha Lab on 2020-11-07.
[$7500+$7500][1146761] High CVE-2020-16023: Use after free in WebCodecs. Reported by Brendon Tiszka and David Manouchehri supporting the @eff on 2020-11-07.
[$NA][1147430] High CVE-2020-16024: Heap buffer overflow in UI.
Chrome
Stable Channel Update for Desktop: CVE-2020-15974
vendor_chrome · 2020-10-06 · CVSS 8.8 · Severity: medium
CVE-2020-15974: Integer overflow in Blink. Reported by Juno Im (junorouse) of Theori on 2020-07-10.
[$7500][1110800] Medium CVE-2020-15975: Integer overflow in SwiftShader. Reported by Anonymous on 2020-07-29.
[$7500][1123522] Medium CVE-2020-15976: Use after free in WebXR.
Chrome
Stable Channel Update for Desktop: CVE-2020-6542
vendor_chrome · 2020-08-10 · CVSS 8.8 · Severity: high
CVE-2020-6542: Use after free in ANGLE. Reported by Piotr Bania of Cisco Talos on 2020-07-20.
[$7500][1104046] High CVE-2020-6543: Use after free in task scheduling. Reported by Looben Yang on 2020-07-10.
Chrome
Stable Channel Update for Desktop: CVE-2020-6493
vendor_chrome · 2020-06-03 · CVSS 9.6 · Severity: high
CVE-2020-6493: Use after free in WebAuthentication. Reported by Anonymous on 2020-05-13.
[$7500][1083972] High CVE-2020-6494: Incorrect security UI in payments. Reported by Juho Nurminen on 2020-05-18.
[$TBD][1072116] High CVE-2020-6495: Insufficient policy enforcement in developer tools.
Chrome
Stable Channel Update for Desktop: CVE-2020-6467
vendor_chrome · 2020-05-19 · CVSS 8.8 · Severity: high
CVE-2020-6467: Use after free in WebRTC. Reported by ZhanJia Song on 2020-04-06.
[$7500][1076708] High CVE-2020-6468: Type Confusion in V8. Reported by Chris Salls and Jake Corina of Seaside Security, Chani Jindal of Shellphish on 2020-04-30.
Chrome
Stable Channel Update for Desktop: CVE-2020-6831
vendor_chrome · 2020-05-05 · CVSS 8.8 · Severity: high
CVE-2020-6831: Stack buffer overflow in SCTP. Reported by Natalie Silvanovich of Google Project Zero on 2020-04-22.
[$7500][1071059] High CVE-2020-6464: Type Confusion in Blink. Reported by Looben Yang on 2020-04-15.
Chrome
Stable Channel Update for Desktop: CVE-2020-6383
vendor_chrome · 2020-02-18 · CVSS 8.8 · Severity: high
CVE-2020-6383: Type confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2020-02-11.
[$7500][1048473] High CVE-2020-6384: Use after free in WebAudio. Reported by David Manouchehri on 2020-02-04.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.