CVE-2020-27660 CRITICAL

CVE-2020-27660

Vendor Synology

Product Safe Access

Weakness CWE-89 · SQLi

Published November 30, 2020

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

9.6/10

Attack vector Adjacent

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.

Key dates

02Disclosure timeline

November 30, 2020 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-27660

Related vulnerabilities

04Related CVE

CVE-2024-2528 MAGESH-K21 Online-College-Event-Hall-Reservation-System update-rooms.php sql injection CVE-2024-8669 Backuply – Backup, Restore, Migrate and Clone <= 1.3.4 - Authenticated (Admin+) SQL Injection CVE-2025-0172 code-projects Chat System deleteroom.php sql injection CVE-2021-24731 Pie Register < 3.7.1.6 - Unauthenticated SQL Injection CVE-2025-6184 Tutor LMS Pro – eLearning and online course solution <= 3.7.0 - Authenticated (Tutor Instructor+) SQL Injection

Identifiers

CVE CVE-2020-27660

CWE CWE-89

CVSS 9.6 / CRITICAL

Affected versions

Vendor Synology

Product Safe Access

Affected ≥ unspecified and < 1.2.3-0234