Eginnovations: >> Eg Manager >> 7.1.2 Security Vulnerabilities
eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-06-02
eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLoginServlet?uname=admin&upass=&accessKey=eGm0n1t0r request.
CVSS Score
9.8
EPSS Score
0.001
Published
2020-02-03
eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg.LoginHelperServlet (aka the Forgot Password feature).
CVSS Score
9.8
EPSS Score
0.003
Published
2020-02-03