Authenticated Blind SQL Injection in Computrols CBAS 18.0.0 via id GET Parameter

Authenticated Blind SQL Injection in Computrols CBAS 18.0.0 via id GET Parameter

CVE-2019-10852 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=start_pulling&id= substring.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.