A SQL injection vulnerability in azurWebEngine in Sita AzurCMS up to and including 1.2.3.12 allows an authenticated malicious user to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in azurWebEngine/eShop. By default, the query is executed as DBA.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sitasoftware azurcms |