CVE-2020-27660: SQL Injection
First published: Mon Nov 30 2020(Updated: )
SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.
Credit: security@synology.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Synology SafeAccess | <1.2.3-0234 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this SQL injection vulnerability?
The vulnerability ID for this SQL injection vulnerability is CVE-2020-27660.
What is the affected software?
The affected software is Synology SafeAccess version up to and exclusive of 1.2.3-0234.
What is the severity of CVE-2020-27660?
The severity of CVE-2020-27660 is critical with a CVSS score of 9.8.
How can attackers exploit this vulnerability?
Attackers can exploit this vulnerability by executing arbitrary SQL commands through the domain parameter in request.cgi.
Are there any available fixes for this vulnerability?
Yes, Synology has released a patch for this vulnerability. Please update to version 1.2.3-0234 or later to fix the vulnerability.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/synology
- canonical/synology safeaccess