Security Advisory

CVE-2021-27950

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-07-02 14:26:04
Last updated 2024-08-03 21:33:17
Assigner mitre
State PUBLISHED

Description

A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through 1.2.3.12 allows an authenticated attacker to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in azurWebEngine/eShop. By default, the query is executed as DBA.