Epicor Prophet 21 SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability exists in Epicor Prophet 21 (P21) versions prior to 23.2.5232. This vulnerability allows authenticated remote attackers to execute arbitrary SQL commands by exploiting unsanitized user input fields, potentially leading to unauthorized information disclosure.
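The advisory does not say which P21 input fields are affected or how the product builds its queries, so the following is an added, generic illustration (not Epicor's code) of the pattern behind this class of bug: a value copied straight into SQL text lets the database parse caller input as part of the statement, while binding the value as a parameter keeps the statement fixed. The table, rows and the crafted input are constructed for the example and run against an in-memory SQLite database.

```python
"""Added illustration (not Epicor's code): why unsanitized input in a SQL
string changes the query, and why parameter binding does not.
All data below is constructed for the example."""
import sqlite3


def build_db() -> sqlite3.Connection:
    # Constructed sample table; the column names are illustrative only.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, credit_limit REAL)"
    )
    conn.executemany(
        "INSERT INTO customers (name, credit_limit) VALUES (?, ?)",
        [("Acme Supply", 5000.0), ("Bolt Works", 12000.0), ("Cedar Tools", 800.0)],
    )
    conn.commit()
    return conn


def find_customer_unsafe(conn: sqlite3.Connection, name: str):
    # Vulnerable pattern: the caller's string is concatenated into the SQL
    # text, so quote characters in it change the statement's structure.
    sql = f"SELECT name, credit_limit FROM customers WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def find_customer_safe(conn: sqlite3.Connection, name: str):
    # Hardened pattern: the SQL text is constant and the value is bound as a
    # parameter, so the database compares it literally against the column.
    sql = "SELECT name, credit_limit FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo() -> dict:
    """Run both lookups with a normal value and with a constructed input
    that closes the quote and appends an always-true condition."""
    conn = build_db()
    crafted = "x' OR '1'='1"  # constructed input, not a value taken from the advisory
    return {
        "legit_unsafe": find_customer_unsafe(conn, "Acme Supply"),
        "legit_safe": find_customer_safe(conn, "Acme Supply"),
        "crafted_unsafe": find_customer_unsafe(conn, crafted),  # every row leaks
        "crafted_safe": find_customer_safe(conn, crafted),  # no match: no rows
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The unsafe lookup returns the whole table for the crafted value, which is the "unauthorized information disclosure" outcome the advisory describes; the parameterized lookup returns nothing because the same bytes are treated as a customer name rather than as SQL. When reviewing an application for this bug class, the check is mechanical: any query text assembled by string formatting or concatenation from request data is a finding, regardless of what the surrounding code does with the value first.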

Impact

Exploitation of this vulnerability could result in unauthorized access to information through executed SQL commands.

Remediation

Users are advised to upgrade to Epicor Prophet 21 version 24.1.5358. For further information, Epicor customers can refer to EpicCare article KB0138127.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.