3 matches found
CVE-2017-15378
SQL Injection exists in the E-Sic 1.0 password reset parameter aka the cpfcnpj parameter to the /reset URI...
CVE-2017-15378
CVE-2017-15378 affects E-Sic version 1.0, where a SQL injection exists in the password-reset parameter cpfcnpj of the /reset endpoint. Root cause: unsafely interpolated input in the reset parameter leads to arbitrary SQL execution. Impact: remote attacker could execute arbitrary SQL commands (hig...
CVE-2017-15378
SQL Injection exists in the E-Sic 1.0 password reset parameter aka the cpfcnpj parameter to the /reset URI...