Arbitrary Command Execution and SQL Injection in Project Pier 0.8.8 and Earlier

Arbitrary Command Execution and SQL Injection in Project Pier 0.8.8 and Earlier

CVE-2018-10759 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

PHP remote file inclusion vulnerability in public/patch/patch.php in Project Pier 0.8.8 and earlier allows remote attackers to execute arbitrary commands or SQL statements via the id parameter.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.