SQL Injection Vulnerability in Nuance Winscribe Dictation 4.1.0.99 Exporter/Login.aspx Login Form

SQL Injection Vulnerability in Nuance Winscribe Dictation 4.1.0.99 Exporter/Login.aspx Login Form

CVE-2021-37599 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The exporter/Login.aspx login form in the Exporter in Nuance Winscribe Dictation 4.1.0.99 is vulnerable to SQL injection that allows a remote, unauthenticated attacker to read the database (and execute code in some situations) via the txtPassword parameter.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.