5 matches found
EUVD-2018-2273
Malware in sbrugna...
Sql injection
There is a time-based blind SQL injection vulnerability in the Access Manager component before 9.18.040 and 10.x before 10.18.040 in ELO ELOenterprise 9 and 10 and ELOprofessional 9 and 10 that makes it possible to read all database content. The vulnerability exists in the ticket HTTP GET...
CVE-2018-10197
There is a time-based blind SQL injection vulnerability in the Access Manager component before 9.18.040 and 10.x before 10.18.040 in ELO ELOenterprise 9 and 10 and ELOprofessional 9 and 10 that makes it possible to read all database content. The vulnerability exists in the ticket HTTP GET...
CVE-2018-10197
CVE-2018-10197 is a time-based blind SQL injection in the ELO Access Manager (component) for ELOenterprise and ELOprofessional on versions 9 and 10. The vulnerability resides in the HTTP GET parameter “ticket,” allowing a remote attacker over the network to read database contents (e.g., administr...
CVE-2018-10197
There is a time-based blind SQL injection vulnerability in the Access Manager component before 9.18.040 and 10.x before 10.18.040 in ELO ELOenterprise 9 and 10 and ELOprofessional 9 and 10 that makes it possible to read all database content. The vulnerability exists in the ticket HTTP GET...