Vulnerability Watch

snarang
Product Team
5 years ago

Proof of Concept for Microsoft SQL Server Reporting Services Vulnerability (CVE-2020-0618)

As part of February 2020’s Patch Tuesday, Microsoft issued a patch for CVE-2020-0618, an improper input validation vulnerability in the ReportingServicesWebServer.dll of Microsoft SQL Server Reporting Services.

The vulnerability was discovered and reported to Microsoft by Soroush Dalili, principal security consultant at MDSec. Dalili published a blog post regarding his findings, which included a proof-of-concept for the vulnerability.

SQL Server Reporting Services is not part of the default installation of Microsoft SQL Server, but there are some software packages that include it. 

For more information about the vulnerability, including patch details, please visit our blog.