PT-2019-9573 · Cmg · Cmg Suite

Daniel Wong · Published 2019-04-25 · Updated 2019-04-26 · CVE-2018-18286

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CMG Suite versions 8.4 SP2 and earlier

Description

The issue is related to SQL injection vulnerabilities due to insufficient input validation for the changepwd interface. This could allow an unauthenticated attacker to conduct an SQL injection attack, potentially extracting sensitive information from the database and executing arbitrary scripts.

Recommendations

For CMG Suite versions 8.4 SP2 and earlier, update to a version that addresses the SQL injection vulnerabilities in the changepwd interface to prevent exploitation.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2018-18286

Affected Products

Cmg Suite