Exploitation Summary
EIP tracks 1 public exploit for CVE-2018-8820. PoCs published by hateshape.
AI-analyzed exploit summary This is a functional PoC for CVE-2018-8820, demonstrating an authenticated blind SQL injection in Square 9 GlobalForms 6.2. It uses a time-based delay to verify the vulnerability by injecting a SQL payload into the target URL.
Description
An issue was discovered in Square 9 GlobalForms 6.2.x. A Time Based SQL injection vulnerability in the "match" parameter allows remote authenticated attackers to execute arbitrary SQL commands. It is possible to upgrade access to full server compromise via xp_cmdshell. In some cases, the authentication requirement for the attack can be met by sending the default admin credentials.
Exploits (1)
This is a functional PoC for CVE-2018-8820, demonstrating an authenticated blind SQL injection in Square 9 GlobalForms 6.2. It uses a time-based delay to verify the vulnerability by injecting a SQL payload into the target URL.
References (1)
Scores
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H