SQL Injection Vulnerability in Polaris FT Intellect Core Banking 9.7.1 Armor Module

SQL Injection Vulnerability in Polaris FT Intellect Core Banking 9.7.1 Armor Module

CVE-2018-14874 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. Input passed through the code parameter in three pages as collaterals/colexe3t.jsp and /references/refsuppu.jsp and /references/refbranu.jsp is mishandled before being used in SQL queries, allowing SQL injection with an authenticated session.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.