CVE-2017-3183
Sage XRT Treasury v3 is affected by CVE-2017-3183 through an authorization bypass where database access privileges are determined by the USER_CODE field. An authenticated, low-privilege user can alter USER_CODE to match a privileged user and gain full/privileged access to the SQL database, enabli...