CVE-2020-5724 - AskarLabs CVE Database

CVE-2020-5724

Vendor N/A

Product Grandstream UCM6200 series

Weakness CWE-89 · SQLi

Published March 30, 2020

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.

Key dates

02Disclosure timeline

March 30, 2020 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-5724

Related vulnerabilities

04Related CVE

CVE-2025-49784 CVE-2026-40829 Authenticated SQLi in UpdateParam function CVE-2022-4871 ummmmm nflpick-em.com LoadUsers.php _Load_Users sql injection CVE-2024-11632 code-projects Simple Car Rental System book_car.php sql injection CVE-2026-5035 code-projects Accounting System Parameter view_work.php sql injection