SQL Injection Vulnerability in EGM Address Book 1.0 Allows Remote Code Execution

SQL Injection Vulnerability in EGM Address Book 1.0 Allows Remote Code Execution

CVE-2020-29474 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EGavilan Media EGM Address Book 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.