
Security Advisory: Elcom CMS SQL Injection

Posted by David Chadwick - 18 July, 2019


Elcom CMS SQL Injection

Release date: 04/07/2019

Last update: 04/07/2019

Vendor: Elcom

Vendor site: https://www.elcom.com.au/

Product: Elcom CMS

Affected version(s): 10.0.6.21

Remediated version: 10.7

Severity Rating: Medium

Impact: Exposure of sensitive information

Attack vector: Remote without authentication

CVE: CVE-2019-12946

Details: Elcom CMS before 10.7 has SQL Injection via the EventSearchByState.aspx and EventSearchAdv.aspx pages.

Recommendation: This vulnerability has been patched and tested in v10.7. Elcom is also able to work with any clients not ready for an upgrade to ensure that the vulnerability is mitigated.

Discovered by: David Chadwick from Content Security Pty. Ltd.

