CVE-2018-17562

Name of the Vulnerable Software and Affected Versions Multi-Tech FaxFinder versions prior to 5.1.6

Description The issue allows an attacker to perform SQL Injection via the "status/call details?oid=" URI, enabling them to extract the underlying database schema and potentially disclose other fax server information through different injection points.

Recommendations For versions prior to 5.1.6, update to version 5.1.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the "status/call details?oid=" URI to minimize the risk of exploitation.