SQL Injection in Xavier PHP Management Panel 2.4 via usertoedit and log_id parameters
CVE-2017-15949 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:P/A:P
Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.