BeeS Software Solutions BET Portal SQL Injection Vulnerability Allowing Remote Code Execution
Vulnerability
A SQL injection vulnerability has been identified in the login functionality of the BeeS Software Solutions BET Portal, which is used by over 100 educational institutions for managing student information and examination results. This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on the backend database. In some cases, it could lead to remote code execution, depending on the server configuration.
Impact
Exploitation of this vulnerability allows unauthorized access to the database, where attackers can read, modify, or delete records. It also enables the extraction of sensitive student data and, in certain deployments, execution of operating system-level commands.
Remediation
BeeS Software Solutions has automatically deployed a patch to all affected BET Portal instances, addressing the vulnerability by enhancing input validation and modifying security settings to prevent exploitation. No action is required from clients.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.