CVE-2018-18251
Deltek Vision 7.x before 7.6 allows an authenticated attacker to execute arbitrary SQL via a custom RPC over HTTP protocol. The client-side enforcement of security rules can be bypassed (e.g., encryption obfuscation with hard-coded keys), enabling potential arbitrary SQL execution and impacts to ...