CVE-2018-12977

HIGH

SoftExpert Excellence Suite 2.0 - Authenticated SQL Injection via cddocument Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-12977. PoCs published by Seren PORSUK.

AI-analyzed exploit summary: This is a writeup describing a SQL injection vulnerability in SoftExpert Excellence Suite 2.0 via the 'cddocument' parameter. It provides details on the vulnerable URL and parameter but does not include functional exploit code.

Description

A SQL injection vulnerability in the SoftExpert (SE) Excellence Suite 2.0 allows remote authenticated users to perform SQL heuristics by pulling information from the database with the "cddocument" parameter in the "Downloading Electronic Documents" section.

Exploits (1)

exploitdb WRITEUP
by Seren PORSUK · text · webapps · php
https://www.exploit-db.com/exploits/44981

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: SoftExpert Excellence Suite 2.0
Auth required
Prerequisites: Authenticated access to the application
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44981/

Scores

CVSS v3: 8.8
EPSS: 0.0146
EPSS Percentile: 70.3%
Attack Vector: NETWORK
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-89
Status: published
Products (1): softexpert/excellence_suite 2.0
Published: Jul 09, 2018
Tracked Since: Feb 18, 2026