2020-02-03 20:05:40
mitre
PUBLISHED
eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg.LoginHelperServlet (aka the Forgot Password feature).