Schema

**Name of the Vulnerable Software and Affected Versions** Election Services Co. (ESC) Internet Election Service (affected versions not specified) **Description** The issue concerns SQL injection vulnerabilities in multiple pages and parameters of the Election Services Co. (ESC) Internet Election Service. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. The vendor, ESC, has taken mitigation steps by deactivating older and unused elections and enabling web application firewall (WAF) protection for current and future elections. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.