How severe is CVE-2020-3450?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2020-3450?

This is classified as CWE-89, which is a common weakness in software security.

CVE-2020-3450 - MEDIUM Severity | CVSS 4.9

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative credentials to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the web-based management interface and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data that is stored in the underlying database, including hashed user credentials. To exploit this vulnerability, an attacker would need valid administrative credentials.

Related Vulnerabilities

CVE-2017-14600

MEDIUM

CVSS:4.9(Medium)

Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure.

CWE-892017

CVE-2017-14601

MEDIUM

CVSS:4.9(Medium)

Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure.

CWE-892017

CVE-2017-17822

MEDIUM

CVSS:4.9(Medium)

The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQ...

CWE-892017

CVE-2017-17823

MEDIUM

CVSS:4.9(Medium)

The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connec...

CWE-892017

CVE-2017-17824

MEDIUM

CVSS:4.9(Medium)

The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the d...

CWE-892017

CVE-2017-3886

MEDIUM

CVSS:4.9(Medium)

A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, ...

CWE-892017