Xinet Elegant 6 Asset Library Web Interface 6.1.655 SQL Injection
Posted by deepcore on December 1, 2019 – 5:10 pm
NAPC Xinet (interface) Elegant 6 Asset Library version 6.1.655 allows pre-authentication error-based SQL injection via the /elegant6/login LoginForm[username] field when double quotes are used.
Post a reply
You must be logged in to post a comment.