Ektron CMS400.NET ContentRatingGraph.aspx SQL injection

Description

Ektron CMS400.NET is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the ContentRatingGraph.aspx script using the res parameter, which could allow the attacker to view, add, modify or delete information in the back-end database.
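
For defenders who want to check whether the script has been probed, the following added example (not part of the original advisory and not Ektron code) scans IIS W3C logs for requests to ContentRatingGraph.aspx whose res value carries SQL syntax. The marker list, the /example/ path and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

TARGET = "contentratinggraph.aspx"  # script named in the advisory
PARAM = "res"                       # parameter named in the advisory
# Heuristic SQL syntax markers: an assumption of this example, tune per site.
SQL_MARKERS = re.compile(
    r"""['";]|--|/\*|\b(?:union|select|insert|update|delete|drop|exec|declare|waitfor)\b""",
    re.IGNORECASE,
)

# Constructed sample in IIS W3C format; the /example/ path and IPs are made up.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2024-01-01 10:00:00 192.0.2.10 GET /example/ContentRatingGraph.aspx res=12 200
2024-01-01 10:00:05 192.0.2.55 GET /example/ContentRatingGraph.aspx res=1%27 500
2024-01-01 10:00:09 192.0.2.55 GET /example/contentratinggraph.aspx RES=1%2527-- 500
2024-01-01 10:00:12 192.0.2.10 GET /example/default.aspx res=1%27 200
""".splitlines()

def fully_decode(value, max_rounds=3):
    """Undo repeated URL encoding (e.g. %2527) so markers are not hidden."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_iis_log(lines):
    """Return (client_ip, decoded_res) for suspicious requests to the script."""
    fields, hits = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        if not row.get("cs-uri-stem", "").lower().endswith(TARGET):
            continue
        # parse_qsl decodes once; fully_decode strips any further layers.
        for key, raw in parse_qsl(row.get("cs-uri-query", ""), keep_blank_values=True):
            value = fully_decode(raw)
            if key.lower() == PARAM and SQL_MARKERS.search(value):
                hits.append((row.get("c-ip", "?"), value))
    return hits
```

Hits indicate probing, not necessarily compromise; correlate them with response status codes and database audit logs.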

Remediation

Upgrade to the latest version of Ektron CMS.
