CVE-2020-24841

CRITICAL

SDG Pnpscada - SQL Injection

Title source: rule

Description

PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in /browse.jsp. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Exploits (1)

exploitdb WORKING POC

by İsmail ERKEK · textwebappshardware

https://www.exploit-db.com/exploits/48757

View Code ZIP pw:eip

References (2)

[Vendor Advisory] http://sdg.com

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/48757

Scores

CVSS v3 9.8

EPSS 0.0042

EPSS Percentile 61.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

sdg/pnpscada 2.200816204020

Published Feb 16, 2021

Tracked Since Feb 18, 2026