9.8
CVSSv3

CVE-2021-3118

Published: 11/01/2021 Updated: 17/05/2024
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

EVOLUCARE ECSIMAGING (aka ECS Imaging) up to and including 6.21.5 has multiple SQL Injection issues in the login form and the password-forgotten form (such as /req_password_user.php?email=). This allows an malicious user to steal data in the database and obtain access to the application. (The database component runs as root.) NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

medicalexpo ecs imaging