CVE-2020-27660

Description

SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.

CVSS breakdown

CVSS 3.1

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected products

Synology / Safe Accessunspecified – 1.2.3-0234

References

MISChttps://www.synology.com/security/advisory/Synology_SA_20_25
MISChttps://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1087
MISChttps://github.com/thomasfady/Synology_SA_20_25