CVE-2018-16659

9.8 CRITICAL

📋 TL;DR

CVE-2018-16659 is a critical SQL injection vulnerability in Rausoft ID.prove 2.95: the login page passes the Username parameter into a SQL query without sanitization, so an unauthenticated attacker can execute arbitrary SQL against the backing Microsoft SQL Server. This can lead to authentication bypass, data theft and, where the application's database login is privileged enough to reach xp_cmdshell, remote code execution on the database host. Organizations running Rausoft ID.prove 2.95 are affected.

💻 Affected Systems

Products:
  • Rausoft ID.prove
Versions: 2.95
Operating Systems: Windows (Microsoft SQL Server backend; the xp_cmdshell escalation path requires SQL Server on Windows)
Default Config Vulnerable: ⚠️ Yes
Notes: Requires a Microsoft SQL Server backend. Full RCE impact needs xp_cmdshell to be enabled, or an application database login privileged enough (sysadmin) to enable it through sp_configure via the same injection.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise via xp_cmdshell leading to domain takeover, data exfiltration, and ransomware deployment.

🟠 Likely Case

Authentication bypass leading to unauthorized access, sensitive data extraction, and potential lateral movement.

🟢 If Mitigated

If xp_cmdshell is disabled and the application runs under a low-privilege SQL login that cannot re-enable it, impact is limited to the data that login can read or modify. Only parameterized queries in the application code remove the injection itself.

🌐 Internet-Facing: HIGH - Login pages are typically internet-facing, making exploitation trivial for unauthenticated attackers.
🏢 Internal Only: MEDIUM - Internal attackers could exploit if they have network access to the application.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available on Exploit-DB. Attack requires no authentication and uses simple SQL injection techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - No official patch documented

Vendor Advisory: No vendor advisory found

Restart Required: No

Instructions:

1. Upgrade to a newer version of ID.prove if the vendor provides one; no fixed version is documented here.
2. If you maintain the application code, replace string-concatenated login queries with parameterized queries. Input validation on its own is not a reliable defence against SQL injection.
3. Disable xp_cmdshell in SQL Server and run the application under a database login that is not a member of sysadmin, so the injection cannot re-enable it.

🔧 Temporary Workarounds

Disable xp_cmdshell

windows

Prevents command execution via SQL injection by disabling the stored procedure. This only holds if the application's database login cannot call sp_configure itself: a sysadmin login can re-enable xp_cmdshell through the same injection, so pair this with a least-privilege login.

EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;

Implement WAF Rules

all

Block common SQL injection patterns (a quote followed by OR, UNION, a comment sequence or xp_cmdshell) in the Username parameter of the login request at the web application firewall. Treat this as a stop-gap: signature rules are routinely bypassed with encoding and comment tricks, and they do not fix the underlying query.

🧯 If You Can't Patch

  • Isolate the ID.prove server in a restricted network segment and do not expose the login page to the internet
  • Run the application under a low-privilege SQL Server login (no sysadmin membership, no access to unrelated databases) so an injection cannot enable xp_cmdshell or reach other data
  • Implement strict input validation and parameterized queries in the application code, if you control it
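The difference between the concatenated query the fix instructions and workarounds warn about and its parameterized replacement, as an added example that is not ID.prove's code (the product's language and schema are not documented here). It assumes a users table with username and password columns and uses an in-memory SQLite database, constructed inline, as a stand-in for SQL Server so it runs offline; the quoting rules it exercises (single-quote delimited strings and "--" comments) behave the same in T-SQL. It also shows why a tautology in the Username field alone can fail to log in when the password is checked in the same WHERE clause, since AND binds tighter than OR.

```python
import sqlite3

# Constructed in-memory stand-in for the application's user table. SQLite is
# used only so the example runs offline; ID.prove itself runs on SQL Server.
# Plaintext passwords are for illustration only.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", "S3cret!"), ("alice", "hunter2")])
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Concatenates user input into the SQL text, so input becomes SQL grammar.

    A username of admin'-- closes the string and comments out the password
    check; ' OR '1'='1 in both fields makes the WHERE clause always true.
    """
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str):
    """Binds the values separately from the statement: a quote is just data."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    attempts = [("admin", "S3cret!"), ("admin'--", "wrong"),
                ("' OR '1'='1", "wrong"), ("' OR '1'='1", "' OR '1'='1")]
    for user, pw in attempts:
        print(f"{user!r:22} vulnerable={login_vulnerable(db, user, pw)!s:6} "
              f"parameterized={login_parameterized(db, user, pw)}")
```

Note the third attempt: the page's `' OR '1'='1` payload in the Username field alone returns no row from the vulnerable query because the clause parses as `username = '' OR ('1'='1' AND password = 'wrong')`; the bypass needs the comment sequence or the tautology in both fields.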

🔍 How to Verify

Check if Vulnerable:

Send a probe in the Username field of the login page, on a system you are authorized to test. A single quote that produces a database error or HTTP 500 where a doubled quote does not, or a T-SQL time-delay probe that measurably slows the response, shows the input reaches the query unescaped. The classic ' OR '1'='1 payload on its own is an unreliable check: when the password is tested in the same WHERE clause, AND binds tighter than OR and the login still fails, giving a false negative, and if it does succeed it logs you in as a real user rather than merely confirming the flaw.

Check Version:

Check application version in web interface or configuration files

Verify Fix Applied:

Confirm that xp_cmdshell shows as disabled in the SQL Server configuration, that the application's database login is not a member of sysadmin, and that the probe used in the vulnerability check above no longer changes the response. If you control the code, confirm the login query binds the Username value as a parameter rather than concatenating it into the statement.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs (quotes, comment sequences or stacked statements inside the username value)
  • Failed login attempts whose Username value contains SQL syntax
  • sp_configure changes that enable xp_cmdshell, and xp_cmdshell execution events (SQL Server Audit or Extended Events)
  • cmd.exe or other child processes spawned by the SQL Server service process

Network Indicators:

  • POST requests to the login page with SQL payloads in the body (requires request-body logging at the reverse proxy or WAF; standard access logs record only the URL)
  • Outbound connections from SQL Server to unexpected destinations

SIEM Query (pseudo-syntax; match case-insensitively on the URL-decoded request body, which must be logged for this to fire):

source="web_logs" AND method="POST" AND uri="/login" AND (body CONTAINS "xp_cmdshell" OR body CONTAINS "UNION" OR body CONTAINS "SELECT @@version" OR body CONTAINS "WAITFOR" OR body CONTAINS "'--")
