NAPC Xinet Elegant 6 Asset Library 6.1.655 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) Vulnerability

Summary

NAPC Xinet Elegant 6 Asset Library 6.1.655 suffers from improper neutralization of special elements used in an sql command (‘SQL Injection’) vulnerability.

Credit:

The information has been provided by Vendor

The original article can be found at:http://hyp3rlinx.altervista.org


Details

NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication SQL Injection via the /elegant6/login LoginForm[username] field when double quotes are used.

 

Vulnerable Systems:

NAPC Xinet Elegant 6 Asset Library 6.1.655

 

CVE Information:

CVE-2019-19245

 

Disclosure Timeline:
Published Date:12/2/2019

Categories: News