CVE-2020-10579
- EPSS 0.43%
- Veröffentlicht 25.03.2021 20:15:12
- Zuletzt bearbeitet 21.11.2024 04:55:37
A directory traversal on the /admin/sysmon.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to list the content of arbitrary server directories accessible to the user running the application.
CVE-2020-10580
- EPSS 11.23%
- Veröffentlicht 25.03.2021 20:15:12
- Zuletzt bearbeitet 21.11.2024 04:55:37
A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application.
CVE-2020-10581
- EPSS 0.29%
- Veröffentlicht 25.03.2021 20:15:12
- Zuletzt bearbeitet 21.11.2024 04:55:38
Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management (ADM) through 5.0 allow remote attackers to read potentially sensitive data hosted by the application.
CVE-2020-10582
- EPSS 0.51%
- Veröffentlicht 25.03.2021 20:15:12
- Zuletzt bearbeitet 21.11.2024 04:55:38
A SQL injection on the /admin/display_errors.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to execute arbitrary SQL requests (including data reading and modification) on the database.
- EPSS 2.36%
- Veröffentlicht 25.03.2021 20:15:12
- Zuletzt bearbeitet 21.11.2024 04:55:38
The /admin/admapi.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary OS commands on the server as the user running the application.
CVE-2020-10584
- EPSS 0.43%
- Veröffentlicht 25.03.2021 20:15:12
- Zuletzt bearbeitet 21.11.2024 04:55:38
A directory traversal on the /admin/search_by.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to read arbitrary server files accessible to the user running the application.