Critical SQL Injection Vulnerability in Local Services Search Engine Management System Project 1.0 Allows Unauthorized Data Dump

Critical SQL Injection Vulnerability in Local Services Search Engine Management System Project 1.0 Allows Unauthorized Data Dump

CVE-2021-27999 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

A SQL injection vulnerability was discovered in the editid parameter in Local Services Search Engine Management System Project 1.0. This vulnerability gives admin users the ability to dump all data from the database.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.