exploitDog

CVE-2024-26262

Опубликовано: 15 фев. 2024

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator .

Ссылки

https://www.twcert.org.tw/tw/cp-132-7674-bdb40-1.html
Not Applicable
https://www.twcert.org.tw/tw/cp-132-7674-bdb40-1.html
Not Applicable

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ebmtech:uniweb\/solipacs_webserver:*:*:*:*:*:*:*:*

Версия до 12.1.2504 (исключая)

EPSS

Процентиль: 68%

0.00585

Низкий

8.8 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-4mrq-7mxx-fw2c

CVSS3: 8.8

github

почти 2 года назад

EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator .

EPSS

Процентиль: 68%

0.00585

Низкий

8.8 High

CVSS3

Дефекты

CWE-89