Sparx Pro Cloud Server Broken Access Control Vulnerability Allowing Arbitrary SQL Execution

Vulnerability

A broken access control vulnerability has been identified in Sparx Pro Cloud Server, all versions through 6.1. This vulnerability allows low-privileged users to execute arbitrary SQL queries within the context of the database user. The issue arises from a lack of proper permission checks in the application's database communication.

Impact

Exploitation of this vulnerability could lead to unauthorized database access and manipulation, allowing attackers to execute arbitrary SQL commands that could potentially alter or extract sensitive data.

Added: May 19, 2026, 2:58 PM

Updated: May 19, 2026, 2:58 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

5.2

remediation

0.0

relevance

8.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

5.2

remediation

0.0

relevance

8.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Sparx Pro Cloud Server Broken Access Control Vulnerability Allowing Arbitrary SQL Execution

Vulnerability

Impact

Affected Products

Sparx Systems Pro Cloud Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating