CVE advisoryCRITICAL
CVE-2020-35276
EgavilanMedia ECM Address Book SQL Injection Admin Bypass
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
EgavilanMedia ECM Address Book 1.0 contains a SQL injection vulnerability in its admin login panel, allowing an unauthenticated attacker to gain full administrative control and manage user accounts. This could lead to unauthorized access and modification of system and user data if the application is reachable.