CVE-2020-12507 HIGH

CVE-2020-12507: s::can moni::tools autheticated SQL injection

Vendor S::can

Product moni:tools

Weakness CWE-89 · SQLi

Published November 7, 2022

Last update May 1, 2025

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

In s::can moni::tools before version 4.2 an authenticated attacker could get full access to the database through SQL injection. This may result in loss of confidentiality, loss of integrity and DoS.

Key dates

02Disclosure timeline

November 7, 2022 CVE published

May 1, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-12507 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2024-6003 Guangdong Baolun Electronics IP Network Broadcasting Service Platform maps sql injection CVE-2023-5435 Up down image slideshow gallery <= 12.0 - Authenticated (Subscriber+) SQL Injection via Shortcode CVE-2025-7163 PHPGurukul Zoo Management System add-animals.php sql injection CVE-2025-12257 SourceCodester Online Student Result System view_result.php sql injection CVE-2025-12853 SourceCodester Best House Rental Management System admin_class.php delete_house sql injection