Invigo
Products
1- 6 CVEs
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-10582 | Cri | 0.64 | 9.8 | 0.02 | Mar 25, 2021 | A SQL injection on the /admin/display_errors.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to execute arbitrary SQL requests (including data reading and modification) on the database. | ||
| CVE-2020-10580 | Hig | 0.58 | 8.8 | 0.04 | Mar 25, 2021 | A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application. | ||
| CVE-2020-10583 | Hig | 0.57 | 8.8 | 0.03 | Mar 25, 2021 | The /admin/admapi.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary OS commands on the server as the user running the application. | ||
| CVE-2020-10584 | Hig | 0.49 | 7.5 | 0.02 | Mar 25, 2021 | A directory traversal on the /admin/search_by.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to read arbitrary server files accessible to the user running the application. | ||
| CVE-2020-10581 | Hig | 0.49 | 7.5 | 0.01 | Mar 25, 2021 | Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management (ADM) through 5.0 allow remote attackers to read potentially sensitive data hosted by the application. | ||
| CVE-2020-10579 | Hig | 0.49 | 7.5 | 0.02 | Mar 25, 2021 | A directory traversal on the /admin/sysmon.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to list the content of arbitrary server directories accessible to the user running the application. |
- risk 0.64cvss 9.8epss 0.02
A SQL injection on the /admin/display_errors.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to execute arbitrary SQL requests (including data reading and modification) on the database.
- risk 0.58cvss 8.8epss 0.04
A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application.
- risk 0.57cvss 8.8epss 0.03
The /admin/admapi.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary OS commands on the server as the user running the application.
- risk 0.49cvss 7.5epss 0.02
A directory traversal on the /admin/search_by.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to read arbitrary server files accessible to the user running the application.
- risk 0.49cvss 7.5epss 0.01
Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management (ADM) through 5.0 allow remote attackers to read potentially sensitive data hosted by the application.
- risk 0.49cvss 7.5epss 0.02
A directory traversal on the /admin/sysmon.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to list the content of arbitrary server directories accessible to the user running the application.