CVE-2018-18286
CVE-2018-18286 affects CMG Suite 8.4 SP2 and earlier. The vulnerability arises from insufficient input validation in the changepwd interface, enabling an unauthenticated attacker to perform SQL injection. Consequences described include extraction of sensitive database data and execution of arbitr...