SQL Injection in Multi-Tech FaxFinder before 5.1.6: Extracting Database Schema and Disclosing Fax Server Information

CVE-2018-17562 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Multi-Tech FaxFinder before 5.1.6 has a SQL injection vulnerability via a status/call_details?oid= URI. An attacker can extract the underlying database schema and then use it to disclose other fax server information through different injection points.
