eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLoginServlet?uname=admin&upass=&accessKey=eGm0n1t0r request.
9.8CVSS
9.4AI Score
0.007EPSS
eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg.LoginHelperServlet (aka the Forgot Password feature).
9.8CVSS
9.8AI Score
0.002EPSS
eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM.
7.8CVSS
7.8AI Score
0.0005EPSS