SQL Injection Vulnerability in SoftExpert (SE) Excellence Suite 2.0: Remote Authenticated SQL Heuristics via cddocument Parameter

SQL Injection Vulnerability in SoftExpert (SE) Excellence Suite 2.0: Remote Authenticated SQL Heuristics via cddocument Parameter

CVE-2018-12977 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

A SQL injection vulnerability in the SoftExpert (SE) Excellence Suite 2.0 allows remote authenticated users to perform SQL heuristics by pulling information from the database with the "cddocument" parameter in the "Downloading Electronic Documents" section.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.