An SQL injection vulnerability in Infor Kados R10 GreenBee exposes the backend database to unauthorized manipulation and potential data breach.

The application fails to properly sanitize the mng_profile_id parameter, allowing an attacker to inject arbitrary SQL statements. This vulnerability requires authenticated access to the specific interface, though the risk remains high due to the potential for privilege escalation.

A successful exploit could allow an attacker to bypass authentication or extract sensitive profile data from the database. The CVSS score of 8.2 underscores the severity, necessitating prompt remediation to avoid reputational damage and unauthorized system access.

Immediate Action: Update the affected Kados R10 GreenBee installation to the latest version provided by the vendor to remediate the input validation flaw.

Proactive Monitoring: Review application and database access logs for anomalous SQL activity originating from user profiles.

Compensating Controls: Use a Web Application Firewall (WAF) to filter out requests containing suspicious SQL syntax within the mng_profile_id parameter.

Public Exploit Available: false

The vulnerability poses a high risk to database security. IT administrators must ensure that all security patches are applied and that access controls are reviewed to limit the potential impact of a compromised account.