Arbitrary Command Execution and SQL Injection in Project Pier 0.8.8 and Earlier
CVE-2018-10759 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
PHP remote file inclusion vulnerability in public/patch/patch.php in Project Pier 0.8.8 and earlier allows remote attackers to execute arbitrary commands or SQL statements via the id parameter.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.