## https://sploitus.com/exploit?id=SAINT:42A55639AE1F6E2A8BE2071F2F668787
Added: 09/25/2020
CVE: CVE-2020-0618
### Background
Microsoft SQL Server Reporting Services is a set of tools and services for creating, deploying, and managing mobile and paginated reports.
### Problem
A deserialization vulnerability in Microsoft SQL Server Reporting Services 2016 allows a remote, authenticated attacker to execute arbitrary commands on the server by sending a POST request with a specially crafted serialized object.
### Resolution
See Microsoft Security Advisory CVE-2020-0618 for fix information.
### References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618
### Limitations
This exploit requires valid Microsoft SQL Server Reporting Services credentials.
### Platforms
Windows