CVEs-PoC/2018/CVE-2018-2373.md

### [CVE-2018-2373](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2373)
![](https://img.shields.io/static/v1?label=Product&message=SAP%20HANA%20Extended%20Application%20Services&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)

### Description

Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0.

### POC

#### Reference
- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/

#### Github
- https://github.com/lmkalg/my_cves