Microsoft Sql Server Remote Code Execution Vulnerability CVE-2020-0618

lyxa-gov September 18, 2020

 Microsoft Sql Server Remote Code Execution Vulnerability CVE-2020-0618

https://www.exploit-db.com/exploits/48816

Google Dork: inurl:ReportViewer.aspx

Vulnerability Description

On February 12, Microsoft released a security update to announce the fix of the remote code execution vulnerability (CVE-2020-0618) in Microsoft SQL Server Reporting Services. SQL Server, developed by Microsoft, is a relational database management system (RDBMS) that is widely used in the world.

An attacker gaining low privileges could exploit this vulnerability to execute arbitrary cod in the context of the Report Server service account by sending a carefully crafted request to an affected Reporting Services instance of an affected SQL Server. Currently, the proof of concept (PoC) of this vulnerability is already publicly available. Affected users should apply the related security update for protection.

Posting Komentar

0 Komentar

Microsoft Sql Server Remote Code Execution Vulnerability CVE-2020-0618

Microsoft Sql Server Remote Code Execution Vulnerability CVE-2020-0618

lyxa-govSeptember 18, 2020

Microsoft Sql Server Remote Code Execution Vulnerability CVE-2020-0618 https://www.exploit-db.com/…

Baca selengkapnya