SQL Injection in Multi-Tech FaxFinder before 5.1.6: Extracting Database Schema and Disclosing Fax Server Information
CVE-2018-17562 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/call_details?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information through different injection points.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.