Authenticated Blind SQL Injection in Computrols CBAS 18.0.0 via id GET Parameter
CVE-2019-10852 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:P/A:P
Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=start_pulling&id= substring.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.