Vulnerability Details CVE-2018-13792
Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2018-13792
-
cpe:2.3:a:abbyy:flexicapture:12.0
-
cpe:2.3:a:abbyy:flexicapture:12.0.1.263
-
cpe:2.3:a:abbyy:flexicapture:12.0.1.267
-
cpe:2.3:a:abbyy:flexicapture:12.0.1.282
-
cpe:2.3:a:abbyy:flexicapture:12.0.1.292
-
cpe:2.3:a:abbyy:flexicapture:12.0.1.367
-
cpe:2.3:a:abbyy:flexicapture:12.0.1.428
-
cpe:2.3:a:abbyy:flexicapture:12.0.1.475
-
cpe:2.3:a:abbyy:flexicapture:12.0.1.516