HIGH
TONNET
CVE published 2026-05-20
CVE-2026-9003
A SQL injection vulnerability in the E-LAN Hybrid Recording System developed by TONNET allows unauthenticated remote attackers to inject arbitrary SQL commands and read database contents. The vulnerability is classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command). The CVSS 4.0 vector indicates network attack vector with low attack complexity, no privileges required, and [truncated]