|
|
Microsoft SQL Server Non-Validated Query Vulnerability
Microsoft SQL Server 7.0 and Data Engine (an SQL-compatible add-on for Access 2000 and Visual Studio 6.0) will accept SQL queries that can lead to compromise of the database or the underlying operating system. It is possible for any SQL-authenticated user to pass commands through SQL SELECT statements that will be run at the privilege level of the database owner or administrator. |
|
Privacy Statement |