BinSoft mpGabinet Privilege Escalation Vulnerability

A privilege escalation vulnerability exists in BinSoft mpGabinet versions through 23.12.19. The issue arises from excessive database privileges granted to the application's database user. This allows an attacker with access to a running instance of the application connected to the backend server to extract database credentials from the application's memory by inspecting the active process. While retrieving credentials from memory is expected behavior, the exposed credentials provide administrative access to the database, surpassing the privileges necessary for normal application operations. Consequently, this enables an attacker to execute actions beyond those allowed through the application interface.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, granting attackers administrative access to the application's database. This access can be misused to perform actions that are not permitted through the application's user interface, potentially leading to further exploitation or manipulation of data.