CVE-2018-25398

Open ISES Project 3.30A is affected by an SQL injection in main.php via the frm_passwd parameter. Unauthenticated attackers can send crafted POST requests to extract database information (usernames, database names, version details). The issue is documented across CVE entries (CVE-2018-25398). No ...