cvedb.io
CVE-2018-16659
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2018-09-28T00:29:02.443 · Last modified 2026-06-17T01:44:38.173

Summary

An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xp_cmdshell for the further privilege elevation.

Affected products

rausoft — id.prove

Does this affect you?

Add your gear to cvedb and we'll alert you only when rausoft ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.