CVE-2024-26262

EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator .

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.twcert.org.tw/tw/cp-132-7674-bdb40-1.html	Not Applicable
https://www.twcert.org.tw/tw/cp-132-7674-bdb40-1.html	Not Applicable

Configurations

Configuration 1 (hide)

cpe:2.3:a:ebmtech:uniweb\/solipacs_webserver:*:*:*:*:*:*:*:*

History

23 Jan 2025, 19:56

Type	Values Removed	Values Added
CPE		cpe:2.3:a:ebmtech:uniweb\/solipacs_webserver::::::::
First Time		Ebmtech Ebmtech uniweb\/solipacs Webserver
References	~~() https://www.twcert.org.tw/tw/cp-132-7674-bdb40-1.html -~~	() https://www.twcert.org.tw/tw/cp-132-7674-bdb40-1.html - Not Applicable

21 Nov 2024, 09:02

Type	Values Removed	Values Added
References	~~() https://www.twcert.org.tw/tw/cp-132-7674-bdb40-1.html -~~	() https://www.twcert.org.tw/tw/cp-132-7674-bdb40-1.html -

15 Feb 2024, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-15 03:15

Updated : 2025-01-23 19:56

NVD link : CVE-2024-26262

Mitre link : CVE-2024-26262

CVE.ORG link : CVE-2024-26262

JSON object : View

Products Affected

ebmtech

uniweb\/solipacs_webserver

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2024-26262", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-02-15T03:15:35.313", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7674-bdb40-1.html", "tags": ["Not Applicable"], "source": "twcert@cert.org.tw"}, {"url": "https://www.twcert.org.tw/tw/cp-132-7674-bdb40-1.html", "tags": ["Not Applicable"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator ."}, {"lang": "es", "value": "La funcionalidad de consulta de EBM Technologies Uniweb/SoliPACS WebServer carece de restricciones adecuadas de entrada del usuario, lo que permite a atacantes remotos autenticados como usuarios normales inyectar comandos SQL para leer, modificar y eliminar registros de bases de datos, as\u00ed como ejecutar comandos del sistema. Los atacantes pueden incluso aprovechar el privilegio dbo en la base de datos para escalar privilegios, elevando sus privilegios a administrador."}], "lastModified": "2025-01-23T19:56:40.100", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ebmtech:uniweb\\/solipacs_webserver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F65787D6-EFF6-486C-83FE-284B186F3A45", "versionEndExcluding": "12.1.2504"}], "operator": "OR"}]}], "sourceIdentifier": "twcert@cert.org.tw"}