Uniguest Tripleplay SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in Uniguest Tripleplay versions 23.1 and later. This vulnerability allows remote attackers to execute arbitrary SQL queries on the backend database. The issue arises from a lack of proper authentication, enabling unauthorized users to manipulate database queries and potentially access or modify sensitive information.

Impact

Exploitation of this vulnerability could lead to unauthorized access to the backend database, allowing attackers to execute arbitrary SQL queries. This could result in data leakage, unauthorized data modification, or, in some cases, command execution on the server if the database is connected to the application server in a vulnerable way.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 5.0
exploitability: 7.0
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.