CVE-2019-12946

Elcom CMS before 10.7 has SQL Injection via EventSearchByState.aspx and EventSearchAdv.aspx.
Source: NIST
CVE-2019-12946