SQL Injection Vulnerability in EIC e-document System's Data Querying Function

CVE-2021-22859 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The users’ data querying function of EIC e-document system does not filter the special characters which resulted in remote attackers can inject SQL syntax and execute arbitrary commands without privilege.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.