CVE-2018-8820

Square 9 GlobalForms 6.2.x is vulnerable to a time-based SQL injection in the match parameter. The issue allows remote authenticated attackers to execute arbitrary SQL and, in some cases, upgrade to full server compromise via xp_cmdshell; authentication can sometimes be achieved with default admi...