PT-2020-17308 · Egavilanmedia · Egavilanmedia Ecm Address Book

Published: 2020-12-21 · Updated: 2021-12-22 · CVE-2020-35276

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

EgavilanMedia ECM Address Book version 1.0

Description

The issue allows an attacker to bypass the Admin Login panel through SQL injection, gaining Admin access and the ability to add or remove any user. This can potentially lead to unauthorized access to sensitive information, such as confidential patient data.

Recommendations

For EgavilanMedia ECM Address Book version 1.0, consider temporarily restricting access to the Admin Login panel until a patch is available. As a mitigation measure, avoid using the vulnerable login functionality and limit user management capabilities to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2020-35276

Affected Products

Egavilanmedia Ecm Address Book