Explorance Blue SQL Injection Vulnerability Allowing Data Exfiltration and Potential Code Execution
Vulnerability
A SQL injection vulnerability exists in Explorance Blue versions prior to 8.14.9. A web application endpoint passes insufficiently validated user input into backend database queries, so an attacker can supply crafted input that is interpreted as part of the SQL statement rather than as data. The endpoint is reachable remotely and requires no authentication, which significantly increases the risk.
Impact
Successful exploitation can give an attacker unauthorized read or write access to application data, including exfiltration of sensitive information such as credentials, configuration data and business data. It can also allow modification or deletion of records and bypass of authentication checks. Whether it escalates to remote code execution on the underlying host depends on the database engine in use and on the privileges of the account the application connects with: where the engine exposes operating-system functionality to a sufficiently privileged database account, code execution becomes possible.
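To make the vulnerability class and its impact concrete, the following added example (not Explorance Blue's code; the schema, table names and payloads are hypothetical and constructed for this illustration) shows a lookup that splices user input into a query next to its parameterised fix, and runs a tautology payload (authentication-style bypass, dumping every row) and a UNION payload (exfiltrating a separate configuration table) against both.

```python
import sqlite3


def build_demo_db() -> sqlite3.Connection:
    # Constructed in-memory schema standing in for an application database.
    # Table and column names are hypothetical; the values are made up.
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (username TEXT, email TEXT, is_admin INTEGER);
        INSERT INTO users VALUES ('alice', 'alice@example.test', 1);
        INSERT INTO users VALUES ('bob',   'bob@example.test',   0);
        CREATE TABLE app_config (key TEXT, value TEXT);
        INSERT INTO app_config VALUES ('smtp_password', 'constructed-secret');
        INSERT INTO app_config VALUES ('db_backup_path', '/var/backups/app');
        """
    )
    return conn


def lookup_user_vulnerable(conn: sqlite3.Connection, username: str) -> list[tuple]:
    # Attacker-controlled text is spliced straight into the statement, so a
    # quote character in `username` ends the literal and the rest is parsed
    # as SQL. This is the pattern behind the advisory's vulnerability class.
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_user_fixed(conn: sqlite3.Connection, username: str) -> list[tuple]:
    # Parameterised query: the statement text is fixed and the driver binds
    # the value separately, so the input can only ever be a string literal.
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


# Two classic payloads, constructed for this demo.
# Tautology: turns the WHERE clause into a condition that is always true,
# returning every user (the shape of an authentication bypass).
TAUTOLOGY_PAYLOAD = "x' OR '1'='1"
# UNION: appends a second SELECT with the same column count to read a table
# the endpoint was never meant to expose (data exfiltration).
UNION_PAYLOAD = "x' UNION SELECT key, value FROM app_config --"


def demo() -> dict:
    # Note: Python's sqlite3 executes one statement per call, so stacked
    # queries (';DROP TABLE ...') are not shown here; on engines that allow
    # them, or that expose OS-level procedures, the same flaw reaches further.
    conn = build_demo_db()
    return {
        "vuln_tautology": lookup_user_vulnerable(conn, TAUTOLOGY_PAYLOAD),
        "vuln_union": lookup_user_vulnerable(conn, UNION_PAYLOAD),
        "fixed_tautology": lookup_user_fixed(conn, TAUTOLOGY_PAYLOAD),
        "fixed_union": lookup_user_fixed(conn, UNION_PAYLOAD),
        "fixed_legit": lookup_user_fixed(conn, "alice"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

Running the block prints both users for the tautology payload and both configuration rows for the UNION payload against the vulnerable function, while the parameterised version returns no rows for either payload and still finds a legitimate user. The fix is the same regardless of database engine: never build SQL from concatenated user input, bind values as parameters, and keep the application's database account restricted so an injection cannot reach beyond the application's own tables.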
Remediation
Users are advised to upgrade to Explorance Blue version 8.14.9 or later and to confirm the installed version after the upgrade. As defence in depth, the database account used by the application should hold only the privileges the application needs, so that an injection flaw cannot be escalated to host compromise.
