SQL Injection in LATRIX 0.6.0: Information Disclosure and Code Execution via txtaccesscode Parameter

SQL Injection in LATRIX 0.6.0: Information Disclosure and Code Execution via txtaccesscode Parameter

CVE-2021-30000 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in LATRIX 0.6.0. SQL injection in the txtaccesscode parameter of inandout.php leads to information disclosure and code execution.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.