CVE-2018-16659

2018-09-2800:00:00

mitre

www.cve.org

AI Score

9.9

Confidence

High

EPSS

0.003

Percentile

68.9%

JSON

An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master…xp_cmdshell for the further privilege elevation.

References

www.exploit-db.com/exploits/45500/