SQL Injection in Xavier PHP Management Panel 2.4 via usertoedit and log_id parameters

SQL Injection in Xavier PHP Management Panel 2.4 via usertoedit and log_id parameters

CVE-2017-15949 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.