CVE-2020-3937

HIGH

SysJust Syuan-Gu-Da-Shih <20191223 - SQL Injection

Title source: llm
STIX 2.1

Description

SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 20191223, allowing attackers to perform unwanted SQL queries and access arbitrary file in the database.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://tvn.twcert.org.tw/taiwanvn/TVN-201910013

Scores

CVSS v3 8.1
EPSS 0.0138
EPSS Percentile 68.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
sysjust/syuan-gu-da-shin < 20191223
Published Feb 04, 2020
Tracked Since Feb 18, 2026