An issue exists in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can use master..xp_cmdshell for further privilege elevation.
Vulnerable Product |
---|
rausoft id.prove 2.95 |
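
A defensive check for the injection point described above, as an added example that is not part of the original advisory or Rausoft's code: it scans URL-encoded login POST bodies for stacked-statement and `xp_cmdshell` markers in the `Username` field. The patterns, function names and sample bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Heuristic patterns (assumed for this example, not vendor signatures).
STACKED = re.compile(
    r"['\"]?\s*;\s*(?:exec(?:ute)?|declare|select|insert|update|delete|drop|create|alter)\b",
    re.IGNORECASE,
)
XP_CMDSHELL = re.compile(r"\bxp_cmdshell\b", re.IGNORECASE)
COMMENT = re.compile(r"--|/\*")


def inspect_login_body(body: str, field: str = "Username") -> list[str]:
    """Return findings for one URL-encoded login POST body."""
    findings = []
    # parse_qs percent-decodes values, so %27 and %3B are seen as ' and ;
    for value in parse_qs(body, keep_blank_values=True).get(field, []):
        if STACKED.search(value):
            findings.append("stacked-statement")
        if XP_CMDSHELL.search(value):
            findings.append("xp_cmdshell-reference")
        if "'" in value and COMMENT.search(value):
            findings.append("quote-plus-comment")
    return findings


def flagged(bodies: list[str]) -> dict[int, list[str]]:
    """Map the index of each suspicious body to its findings."""
    results = {}
    for index, body in enumerate(bodies):
        findings = inspect_login_body(body)
        if findings:
            results[index] = findings
    return results


# Constructed sample request bodies (not captured traffic).
SAMPLE_BODIES = [
    "Username=alice&Password=x",
    "Username=o%27brien&Password=x",  # legitimate apostrophe, must not be flagged
    "Username=a%3Bb&Password=x",      # semicolon without a SQL keyword
    "Username=x%27%3B+EXEC+master..xp_cmdshell+%27PLACEHOLDER%27--&Password=x",
]

if __name__ == "__main__":
    for index, findings in flagged(SAMPLE_BODIES).items():
        print(index, findings)
```

Treat this as log triage or a compensating filter only; it does not replace parameterized queries in the application or a database login that lacks sysadmin rights.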