Elcom CMS before 10.7 has SQL Injection via EventSearchByState.aspx and EventSearchAdv.aspx.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected