2017-10-23 08:00:00
mitre
PUBLISHED
SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script).