NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication SQL Injection via the /elegant6/login LoginForm[username] field when double quotes are used.
References
Link | Resource |
---|---|
http://hyp3rlinx.altervista.org | Exploit Third Party Advisory |
https://packetstormsecurity.com/files/155505/Xinet-Elegant-6-Asset-Library-Web-Interface-6.1.655-SQL-Injection.html | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-12-02T13:54:09
Updated: 2019-12-02T13:54:09
Reserved: 2019-11-25T00:00:00
Link: CVE-2019-19245
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-12-02T14:15:10.943
Modified: 2019-12-11T20:23:39.577
Link: CVE-2019-19245
JSON object: View
Redhat Information
No data.
CWE