Xinet Elegant 6 Asset Library Web Interface 6.1.655 SQL Injection
Posted on 01 December 2019
NAPC Xinet (interface) Elegant 6 Asset Library version 6.1.655 allows pre-authentication error-based SQL injection via the /elegant6/login LoginForm[username] field when double quotes are used.