Description
Ektron CMS400.NET is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the ContentRatingGraph.aspx script using the res parameter, which could allow the attacker to view, add, modify or delete information in the back-end database.
Remediation
Upgrade to the latest version of Ektron CMS.
References
Ektron CMS400.NET ContentRatingGraph.aspx SQL injection
Ektron CMS400.NET 'ContentRatingGraph.aspx' SQL Injection Vulnerability