NAPC Xinet (interface) Elegant 6 Asset Library version 6.1.655 allows pre-authentication error-based SQL injection via the /elegant6/login LoginForm[username] field when double quotes are used.
861555c2816d3e8545ed29c5458dbc9afd6526714f4d2b3d853f8b78e2022d5d