SQL Injection Vulnerability in SoftExpert (SE) Excellence Suite 2.0: Remote Authenticated SQL Heuristics via cddocument Parameter
CVE-2018-12977 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:P/A:P
A SQL injection vulnerability in the SoftExpert (SE) Excellence Suite 2.0 allows remote authenticated users to perform SQL heuristics by pulling information from the database with the "cddocument" parameter in the "Downloading Electronic Documents" section.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.