Blind SQL Injection in Secure 8 (Evalos): Unauthorized Data Extraction

CVE-2021-3604 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Secure 8 (Evalos) does not correctly validate user input, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability to extract user and administrator account information stored in the database.