CVE-2020-8887
Description
An unauthenticated SQL injection vulnerability in Telestream Tektronix Medius and Sentry before 10.7.5 allows attackers to dump database contents.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A SQL injection vulnerability exists in the index.php script of Telestream Tektronix Medius and Sentry versions prior to 10.7.5 [1]. The page parameter, when set to login in a POST request, is not properly sanitized, allowing an unauthenticated attacker to inject arbitrary SQL commands. This affects Medius 10.6.2 and Sentry 10.6.6, as well as likely earlier versions [1].
Exploitation
An attacker can exploit this vulnerability by sending a crafted POST request to the server login page with a malicious page parameter. No authentication is required. The advisory demonstrates using sqlmap to automate the exploitation, starting with a request containing _z=0&page=login&username=admin&passwd=1234&submit=+Log+In+ and then progressively dumping database schemas and tables [1].
Impact
Successful exploitation allows an unauthenticated attacker to enumerate and dump the entire contents of the system databases. This includes database names, tables, user credentials, channel/feed subscriptions, and other sensitive information stored on the device [1]. The impact is high due to the exposure of confidential data without any prior authentication.
Mitigation
The vulnerability is fixed in version 10.7.5 of both Telestream Tektronix Medius and Sentry [1]. Users should upgrade to this version or later. No workarounds are provided in the available references. The CVE is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Telestream Tektronix/Medius
  - Range: <10.7.5
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing input sanitization on the `page` parameter in `index.php` allows SQL injection."
Attack vector
An unauthenticated attacker sends a POST request to `index.php` with the `page` parameter set to `login` and includes the standard login form fields (`_z`, `username`, `passwd`, `submit`). The `page` parameter value is passed unsanitized into a SQL query, enabling the attacker to inject PostgreSQL commands via that parameter. Because no authentication is required to reach the login page, any network-reachable attacker can exploit this to enumerate and dump database contents, including user tables and system configuration data [ref_id=1].
Affected code
The vulnerability is in `index.php` on the server login page. The `page` parameter, when set to `login` in a POST request, is not sanitized before being used in a SQL query, allowing injection of arbitrary SQL commands [ref_id=1].
What the fix does
The advisory states the issue was fixed in version 10.7.5 for both Sentry and Medius [ref_id=1]. No patch diff is provided in the bundle, but the fix presumably involves proper sanitization or parameterization of the `page` input before it is used in SQL queries. Users are advised to upgrade to version 10.7.5 or later to remediate the vulnerability.
Preconditions
- auth: No authentication required; the login page is publicly accessible
- network: Attacker must be able to send HTTP POST requests to the target device
- input: The `page` POST parameter is attacker-controlled and unsanitized
Reproduction
The advisory includes a proof of concept: send a POST request to `index.php` with body `_z=0&page=login&username=admin&passwd=1234&submit=+Log+In+`. Using sqlmap, an attacker can automate the injection, e.g.: `sqlmap -u "http://
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
[1] github.com/google/security-research/security/advisories/GHSA-g69r-8jwh-2462 (MITRE, x_refsource_MISC)
News mentions
No linked articles in our index yet.