CVE-2023-39423

The RDPData.dll file exposes the /irmdata/api/common endpoint that handles session IDs, among other features. By using a UNION SQL operator, an attacker can leak the sessions table, obtain the currently valid sessions and impersonate a currently logged-in user. (CVSS: 9.1) (Last Update: 2023-09-12 00:08:52)

​ 

 
