SQL Injection Vulnerability in Control ID IDSecure 4.7.26.0 and Prior: Remote Code Execution

SQL Injection Vulnerability in Control ID IDSecure 4.7.26.0 and Prior: Remote Code Execution

CVE-2023-33367 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.