CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-3118

EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has multiple SQL Injection issues in the login form and the password-forgotten form (such as /req_password_user.php?email=). This allows an attacker to steal data in the database and obtain access to the application. (The database component runs as root.) NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 48.3%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://www.exploit-db.com/exploits/49392
https://www.exploit-db.com/exploits/49392

Products affected by CVE-2021-3118

Medicalexpo » Ecs Imaging » Version: N/A

cpe:2.3:a:medicalexpo:ecs_imaging:-
Medicalexpo » Ecs Imaging » Version: 6.21.3

cpe:2.3:a:medicalexpo:ecs_imaging:6.21.3
Medicalexpo » Ecs Imaging » Version: 6.21.5

cpe:2.3:a:medicalexpo:ecs_imaging:6.21.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-3118

Products

Pricing

Contact Us