Invigo Automatic Device Management vulnerabilities
6 known vulnerabilities affecting invigo/automatic_device_management.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH5
Vulnerabilities
Page 1 of 1
CVE-2020-10580P2HIGHCVSS 8.8≤ 5.02021-03-25
CVE-2020-10580 [HIGH] CWE-77 CVE-2020-10580: A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management (ADM) t
A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application.
nvd
CVE-2020-10583P3HIGHCVSS 8.8≤ 5.02021-03-25
CVE-2020-10583 [HIGH] CWE-78 CVE-2020-10583: The /admin/admapi.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote a
The /admin/admapi.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary OS commands on the server as the user running the application.
nvd
CVE-2020-10582P3CRITICALCVSS 9.8≤ 5.02021-03-25
CVE-2020-10582 [CRITICAL] CWE-89 CVE-2020-10582: A SQL injection on the /admin/display_errors.php script of Invigo Automatic Device Management (ADM)
A SQL injection on the /admin/display_errors.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to execute arbitrary SQL requests (including data reading and modification) on the database.
nvd
CVE-2020-10579P3HIGHCVSS 7.5≤ 5.02021-03-25
CVE-2020-10579 [HIGH] CWE-22 CVE-2020-10579: A directory traversal on the /admin/sysmon.php script of Invigo Automatic Device Management (ADM) th
A directory traversal on the /admin/sysmon.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to list the content of arbitrary server directories accessible to the user running the application.
nvd
CVE-2020-10584P3HIGHCVSS 7.5≤ 5.02021-03-25
CVE-2020-10584 [HIGH] CWE-22 CVE-2020-10584: A directory traversal on the /admin/search_by.php script of Invigo Automatic Device Management (ADM)
A directory traversal on the /admin/search_by.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to read arbitrary server files accessible to the user running the application.
nvd
CVE-2020-10581P3HIGHCVSS 7.5≤ 5.02021-03-25
CVE-2020-10581 [HIGH] CWE-668 CVE-2020-10581: Multiple session validity check issues in several administration functionalities of Invigo Automatic
Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management (ADM) through 5.0 allow remote attackers to read potentially sensitive data hosted by the application.
nvd