RSS   Vulnerabilities for 'Eg manager'   RSS

2020-02-03
 
CVE-2020-8592

CWE-89
 

 
eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg.LoginHelperServlet (aka the Forgot Password feature).

 
 
CVE-2020-8591

CWE-287
 

 
eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLoginServlet?uname=admin&upass=&accessKey=eGm0n1t0r request.

 


Copyright 2024, cxsecurity.com

 

Back to Top