AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:LAltium On Prem Enterprise Server
APPAltium7.0.3 – 7.0.6 (bez)
Related vulnerabilities
Altium Enterprise Server: hardcoded key + path traversal umożliwiają przejęcie serwera
Path traversal w Altium Enterprise Server Vault Service — zapis dowolnych plików i RCE
Path Traversal w Altium Enterprise Server NIS — nieuwierzytelniony RCE
HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authentic...
A stored cross-site scripting (XSS) vulnerability exists in the Altium Workflow Engine due to missing server-s...