CVE-2017-20195

MEDIUM Year: 2017
CVSS v3 Score
5.5
Medium
CVSS v2 Score
5.2
Medium
Weakness Type
CWE-89
View all →

Vulnerability Description

A vulnerability was found in LUNAD3v AreaLoad up to 1a1103182ed63a06dde63d1712f3262eda19c3ec. It has been rated as critical. This issue affects some unknown processing of the file request.php. The manipulation of the argument phone leads to sql injection. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 264813c546dba03989ac0fc365f2022bf65e3be2. It is recommended to apply a patch to fix this issue.

Related Vulnerabilities

CVE-2018-9493

MEDIUM
CVSS:5.5(Medium)

In the content provider of the download manager, there is a possible SQL injection due to improper input validation. This could lead to local information disclosure with no additional execution privil...

CWE-892018

CVE-2019-19850

MEDIUM
CVSS:5.5(Medium)

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injec...

CWE-892019

CVE-2019-2196

MEDIUM
CVSS:5.5(Medium)

In Download Provider, there is possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.P...

CWE-892019

CVE-2019-2198

MEDIUM
CVSS:5.5(Medium)

In Download Provider, there is a possible SQL injection vulnerability. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed fo...

CWE-892019

CVE-2020-0344

MEDIUM
CVSS:5.5(Medium)

In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not n...

CWE-892020

CVE-2020-0352

MEDIUM
CVSS:5.5(Medium)

In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not n...

CWE-892020