2 matches found
CVE-2018-25398
Open ISES Project 3.30A is affected by an SQL injection in main.php via the frm_passwd parameter. Unauthenticated attackers can send crafted POST requests to extract database information (usernames, database names, version details). The issue is documented across CVE entries (CVE-2018-25398). No ...
CVE-2018-25398 The Open ISES Project 3.30A SQL Injection via main.php
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frmpasswd parameter. Attackers can send POST requests to main.php with crafted SQL payloads to extract sensitive...