VYPR

ID.prove

by Rausoft

CVEs (1)

  • CVE-2018-16659CriSep 28, 2018
    risk 0.67cvss 9.8epss 0.03

    An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xp_cmdshell for the further privilege elevation.