CVE-2018-10197
CVE-2018-10197 is a time-based blind SQL injection in the ELO Access Manager (component) for ELOenterprise and ELOprofessional on versions 9 and 10. The vulnerability resides in the HTTP GET parameter “ticket,” allowing a remote attacker over the network to read database contents (e.g., administr...