SQL Injection Vulnerability in EGPP GESAC v1 Authentication Form

SQL Injection Vulnerability in EGPP GESAC v1 Authentication Form

CVE-2019-16264 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC) v1, the username parameter of the authentication form is vulnerable to SQL injection, allowing attackers to access the database.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.