HIGH🇬🇧 English

CVE-2018-12977

CVSS 8.8v3.0pub. 2018-07-09upd. 2024-11-21

A SQL injection vulnerability in the SoftExpert (SE) Excellence Suite 2.0 allows remote authenticated users to perform SQL heuristics by pulling information from the database with the "cddocument" parameter in the "Downloading Electronic Documents" section.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Softexpert Excellence Suite

    APP
    Softexpert
    2.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
CWE
Referencje

Powiązane podatności

CVE-2023-30330CRITICAL9.8ten sam produkt

SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 is vulnerable to Local File Inclusion in the functi...

CVE-2023-33515MEDIUM5.4ten sam produkt

SoftExpert Excellence Suite 2.1.9 is vulnerable to Cross Site Scripting (XSS) via query screens.

CVE-2018-12977 — HIGH 8.8 | CVEbaza.pl