FKIE_CVE-2024-26262

Vulnerability from fkie_nvd - Published: 2024-02-15 03:15 - Updated: 2025-01-23 19:56
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator .
References
twcert@cert.org.twhttps://www.twcert.org.tw/tw/cp-132-7674-bdb40-1.htmlNot Applicable
af854a3a-2127-422b-91ae-364da2661108https://www.twcert.org.tw/tw/cp-132-7674-bdb40-1.htmlNot Applicable
Impacted products
Vendor Product Version
ebmtech uniweb\/solipacs_webserver *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ebmtech:uniweb\\/solipacs_webserver:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F65787D6-EFF6-486C-83FE-284B186F3A45",
              "versionEndExcluding": "12.1.2504",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "EBM Technologies Uniweb/SoliPACS WebServer\u0027s query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator ."
    },
    {
      "lang": "es",
      "value": "La funcionalidad de consulta de EBM Technologies Uniweb/SoliPACS WebServer carece de restricciones adecuadas de entrada del usuario, lo que permite a atacantes remotos autenticados como usuarios normales inyectar comandos SQL para leer, modificar y eliminar registros de bases de datos, as\u00ed como ejecutar comandos del sistema. Los atacantes pueden incluso aprovechar el privilegio dbo en la base de datos para escalar privilegios, elevando sus privilegios a administrador."
    }
  ],
  "id": "CVE-2024-26262",
  "lastModified": "2025-01-23T19:56:40.100",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "twcert@cert.org.tw",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-02-15T03:15:35.313",
  "references": [
    {
      "source": "twcert@cert.org.tw",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://www.twcert.org.tw/tw/cp-132-7674-bdb40-1.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://www.twcert.org.tw/tw/cp-132-7674-bdb40-1.html"
    }
  ],
  "sourceIdentifier": "twcert@cert.org.tw",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "twcert@cert.org.tw",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.