
Security Advisory: Elcom CMS SQL Injection

Posted by David Chadwick - 18 July, 2019


Elcom CMS SQL Injection

Release date: 04/07/2019

Last update: 04/07/2019

Vendor: Elcom

Vendor site: https://www.elcom.com.au/

Product: Elcom CMS

Affected version(s):

Remediated version: 10.7

Severity Rating: Medium

Impact: Exposure of sensitive information

Attack vector: Remote without authentication

CVE: CVE-2019-12946


Details: Elcom CMS versions before 10.7 are vulnerable to SQL injection via the EventSearchByState.aspx and EventSearchAdv.aspx pages.

Recommendation: This vulnerability has been patched and tested in v10.7. Elcom is also able to work with any clients not ready for an upgrade to ensure that the vulnerability is mitigated.

Discovered by: David Chadwick from Content Security Pty. Ltd.
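
Because the attack vector is remote and unauthenticated, sites still running a version before 10.7 can review web server logs for requests to the two affected pages. The script below is an added example, not part of the original advisory or Elcom's code. It assumes IIS W3C-format logs; the parameter names and addresses in the sample log are constructed, and the pattern is a generic heuristic.

```python
import re
from urllib.parse import unquote_plus

# Pages named in the advisory (CVE-2019-12946), compared case-insensitively.
TARGET_PAGES = ("/eventsearchbystate.aspx", "/eventsearchadv.aspx")

# Generic SQL metacharacters and keywords: a triage heuristic, not a vendor signature.
SQLI_HINT = re.compile(
    r"'|--|/\*|;|\b(union|select|waitfor|exec|declare|cast|convert|sleep)\b|\bxp_",
    re.IGNORECASE,
)

def find_suspicious(lines):
    """Return (date, time, client_ip, page, decoded_query) for flagged requests."""
    fields, hits = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        stem = row.get("cs-uri-stem", "")
        if not stem.lower().endswith(TARGET_PAGES):
            continue
        # Decode twice so double-encoded input (e.g. %2527) is still inspected.
        query = unquote_plus(unquote_plus(row.get("cs-uri-query", "-")))
        if SQLI_HINT.search(query):
            hits.append((row.get("date"), row.get("time"), row.get("c-ip"), stem, query))
    return hits

# Constructed sample log; parameter names and addresses are illustrative only.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2019-07-01 09:14:02 GET /EventSearchByState.aspx state=NSW 203.0.113.10 200
2019-07-01 09:15:40 GET /EventSearchByState.aspx state=NSW%27+OR+%271%27%3D%271 198.51.100.7 500
2019-07-01 09:16:11 GET /eventsearchadv.aspx keyword=%2527%2520UNION%2520SELECT 198.51.100.7 200
2019-07-01 09:17:30 GET /Default.aspx q=o%27brien 203.0.113.10 200
""".splitlines()

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(*hit, sep="  ")
```

Hits are leads for investigation rather than proof of exploitation; ordinary search terms containing an apostrophe or semicolon will also match.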
