SQL Injection in LATRIX 0.6.0: Information Disclosure and Code Execution via txtaccesscode Parameter
CVE-2021-30000 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
An issue was discovered in LATRIX 0.6.0. SQL injection in the txtaccesscode parameter of inandout.php leads to information disclosure and code execution.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.