CVE-2018-16659

An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xp_cmdshell for the further privilege elevation.
References
Link Resource
https://www.exploit-db.com/exploits/45500/ Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:rausoft:id.prove:2.95:*:*:*:*:*:*:*

Information

Published : 2018-09-28 12:29

Updated : 2019-11-05 06:09


NVD link : CVE-2018-16659

Mitre link : CVE-2018-16659

Products Affected
No products.
CWE