Security Advisory

CVE-2018-16659

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-09-28 00:00:00

Last updated 2024-08-05 10:32:53

Assigner mitre

State PUBLISHED

Description

An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xp_cmdshell for the further privilege elevation.

← Browse all CVEs View on cve.org ↗