E-Sic 1.0 Password Reset SQL Injection Vulnerability

E-Sic 1.0 Password Reset SQL Injection Vulnerability

CVE-2017-15378 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the cpfcnpj parameter to the /reset URI).

Learn more about our Web Application Penetration Testing UK.