Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user-supplied input in a web application component. Crafted input can be executed as part of backend database queries. The issue is exploitable without authentication, significantly elevating the risk.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:NExplorance Blue
APPExplorance< 8.14.9
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
SQLi
CWE
Related vulnerabilities
CVE-2025-57792CRITICAL10.0PL ✓ten sam produkt
SQL Injection bez uwierzytelnienia w Explorance Blue (CVE-2025-57792)
CVE-2025-57794CRITICAL9.1PL ✓ten sam produkt
RCE przez unrestricted file upload w Explorance Blue (panel admina)
CVE-2025-57795CRITICAL9.9PL ✓ten sam produkt
RCE przez podatny upload plików w Explorance Blue (CVE-2025-57795)
CVE-2025-57796MEDIUM6.8ten sam produkt
Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to p...
CVE-2025-52344MEDIUM6.1ten sam produkt
Multiple Cross Site Scripting (XSS) vulnerabilities in input fields in Explorance Blue 8.1.2 allows attackers ...