SQL Injection Vulnerability in CMG Suite 8.4 SP2 and Earlier: Insufficient Input Validation in changepwd Interface

SQL Injection Vulnerability in CMG Suite 8.4 SP2 and Earlier: Insufficient Input Validation in changepwd Interface

CVE-2018-18286 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the changepwd interface. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts.

Learn more about our Web Application Penetration Testing UK.