Critical SQL Injection Vulnerability in Local Services Search Engine Management System Project 1.0 Allows Unauthorized Data Dump
CVE-2021-27999 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
A SQL injection vulnerability was discovered in the editid parameter in Local Services Search Engine Management System Project 1.0. This vulnerability gives admin users the ability to dump all data from the database.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.