SQL Injection Vulnerability in EgavilanMedia ECM Address Book
CVE-2020-35276

9.8CRITICAL

Key Information:

Vendor

Egavilanmedia

Status
Ecm Address Book
Vendor
CVE Published:
21 December 2020

What is CVE-2020-35276?

The EgavilanMedia ECM Address Book 1.0 has a security flaw that allows attackers to exploit SQL injection vulnerabilities. This exploit can enable malicious actors to bypass the Admin Login panel, granting them unauthorized access to administrative controls. Once access is obtained, attackers can manipulate user accounts by adding or removing users at will, potentially leading to significant security breaches within organizations utilizing this software.

References

http://egavilanmedia.com
x_refsource_MISC
http://ecm.com
x_refsource_MISC
https://hardik-solanki.medium.com/authentication-admin-pa...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.