Ilya Timchenko

1 exploit Active since Sep 2018
CVE-2018-16659 EXPLOITDB CRITICAL text WORKING POC
Rausoft ID.prove <2.95 - SQL Injection
An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xp_cmdshell for the further privilege elevation.
CVSS 9.8