Vulnerabilities > Grandstream > Ucm6204 > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-03-30 CVE-2019-10663 SQL Injection vulnerability in Grandstream Ucm6204 Firmware
Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI.
network
low complexity
grandstream CWE-89
6.5