SQL Injection Vulnerability in CASAP Automated Enrollment System 1.0 Login Panel Allows for Admin Panel Access

SQL Injection Vulnerability in CASAP Automated Enrollment System 1.0 Login Panel Allows for Admin Panel Access

CVE-2021-26201 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The Login Panel of CASAP Automated Enrollment System 1.0 is vulnerable to SQL injection authentication bypass. An attacker can obtain access to the admin panel by injecting a SQL query in the username field of the login page.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.