RSS   Vulnerabilities for 'Id.prove'   RSS

2018-09-27
 
CVE-2018-16659

CWE-89
 

 
An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xp_cmdshell for the further privilege elevation.

 


Copyright 2024, cxsecurity.com

 

Back to Top