CVE-2018-12977
HIGHSoftExpert Excellence Suite 2.0 - Authenticated SQL Injection via cddocument Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2018-12977. PoCs published by Seren PORSUK.
AI-analyzed exploit summary This is a writeup describing a SQL injection vulnerability in SoftExpert Excellence Suite 2.0 via the 'cddocument' parameter. It provides details on the vulnerable URL and parameter but does not include functional exploit code.
Description
A SQL injection vulnerability in the SoftExpert (SE) Excellence Suite 2.0 allows remote authenticated users to perform SQL heuristics by pulling information from the database with the "cddocument" parameter in the "Downloading Electronic Documents" section.
Exploits (1)
This is a writeup describing a SQL injection vulnerability in SoftExpert Excellence Suite 2.0 via the 'cddocument' parameter. It provides details on the vulnerable URL and parameter but does not include functional exploit code.
References (1)
Scores
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H