Ektron CMS400.NET ContentRatingGraph.aspx SQL injection

Description
  • Ektron CMS400.NET is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the ContentRatingGraph.aspx script using the res parameter, which could allow the attacker to view, add, modify or delete information in the back-end database.
Remediation
  • Upgrade to the latest version Ektron CMS.
References