CVE-2018-16659

CVE-2018-16659

An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xp_cmdshell for the further privilege elevation.

Source: CVE-2018-16659

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다