CVE-2018-16659

2018-09-2800:00:00

mitre

www.cve.org

9.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.1%

JSON

An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master…xp_cmdshell for the further privilege elevation.

References

www.exploit-db.com/exploits/45500/