Remote SQL Injection Vulnerability in FileRun (version 2017.09.18 and below)

Remote SQL Injection Vulnerability in FileRun (version 2017.09.18 and below)

CVE-2017-14738 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function).

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.