Multiple SQL Injection Vulnerabilities in Advantech iView 5.6 and Prior Versions
CVE-2020-14497 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.