Vulnerabilities > Eginnovations > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-03 | CVE-2020-8592 | SQL Injection vulnerability in Eginnovations EG Manager 7.1.2 eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg.LoginHelperServlet (aka the Forgot Password feature). | 9.8 |
| 2020-02-03 | CVE-2020-8591 | Improper Authentication vulnerability in Eginnovations EG Manager 7.1.2 eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLoginServlet?uname=admin&upass=&accessKey=eGm0n1t0r request. | 9.8 |