CVE-2019-25694

Infor · Kados R10 GreenBee

Kados R10 GreenBee is vulnerable to unauthenticated SQL injection via the user2reset parameter, allowing an attacker without credentials to interact directly with the backend database.

Executive summary

An unauthenticated SQL injection vulnerability in Infor Kados R10 GreenBee (CVSS 8.2, High) puts data confidentiality and the stability of the backend database at risk.

Vulnerability

The application passes the value of the user2reset parameter into a database query without validating or parameterizing it, so an unauthenticated attacker who controls that value can change the structure of the query and execute arbitrary SQL commands against the backend database.
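The pattern behind this class of bug, shown here as an added illustration that is not Kados code (the vendor's query, schema and database engine are not part of this advisory): a hypothetical password-reset lookup that splices user2reset into the SQL text, beside the parameterized form that fixes it. The users table, its columns and the SQLite backend are assumptions made for the demo.

```python
import sqlite3

# Constructed sample data; the real schema is not known and is not part of this advisory.
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("carol", "carol@example.com"),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory SQLite database standing in for the backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, user2reset: str) -> list:
    """Anti-pattern: the untrusted parameter becomes part of the SQL text.

    A value such as  x' OR '1'='1  turns the WHERE clause into
    username = 'x' OR '1'='1  and matches every row in the table.
    """
    sql = f"SELECT username, email FROM users WHERE username = '{user2reset}'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn: sqlite3.Connection, user2reset: str) -> list:
    """Fix: a bound parameter. The driver sends the value separately from the
    query text, so quotes and keywords inside it can never alter the query."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (user2reset,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, payload))  # every row in the table
    print("hardened:  ", lookup_hardened(db, payload))    # no rows: no such username
```

The tautology payload is the textbook probe, not a product-specific exploit; the point is that the same input returns the whole table from the concatenated query and nothing from the parameterized one. Input validation (an allowlist of username characters) is worth adding as defence in depth, but parameterization is the control that removes the bug.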

Business impact

Because no authentication is required, any party that can reach the affected endpoint can manipulate the application's database queries, up to and including complete compromise of the database. With a CVSS score of 8.2 (High), this vulnerability should be treated as a high-priority threat that could lead to large-scale data loss or unauthorized access.

Remediation

Immediate Action: Apply the latest security updates or patches provided by the vendor as soon as possible.

Proactive Monitoring: Review web server and database logs for requests in which the user2reset value contains quote characters, SQL keywords or comment sequences, for unexpected database errors, and for unusual spikes in traffic to the endpoint that accepts user2reset.

Compensating Controls: Until the patch is applied, use a Web Application Firewall (WAF) to block requests carrying SQL injection patterns in the user2reset parameter. A WAF can be bypassed and does not fix the underlying flaw, so treat it as a stopgap rather than a remediation.
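One way to act on the monitoring advice above, as an added example and not a vendor-supplied tool: a small scanner for web-server access logs that decodes the user2reset value from each request and flags values carrying SQL comment sequences, statement terminators, or SQL keywords next to a quote or equals sign. The Apache combined log format, the /reset path and the assumption that the parameter travels in the query string are all assumptions for the demo; the log lines are constructed, not real traffic.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in Apache combined format; not real Kados traffic.
# Two carry generic SQL-injection probes, one a legitimate apostrophe (O'Brien).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2024:12:00:01 +0000] "GET /reset?user2reset=alice HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:12:00:02 +0000] "GET /reset?user2reset=alice%27+OR+%271%27%3D%271 HTTP/1.1" 200 9031 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:12:00:03 +0000] "GET /reset?user2reset=bob%27+UNION+SELECT+NULL%2CNULL-- HTTP/1.1" 500 0 "-" "python-requests/2.31"
198.51.100.9 - - [10/Mar/2024:12:00:04 +0000] "GET /reset?user2reset=o%27brien HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2024:12:00:05 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)
# Comment openers and statement terminators have no place in a username.
SQL_META = re.compile(r"--|/\*|;")
# Keywords alone are weak evidence ("Andersen" is fine); require a quote or '=' as well.
SQL_KEYWORD = re.compile(
    r"\b(or|and|union|select|insert|update|delete|drop|sleep|waitfor|benchmark)\b", re.I
)


def is_suspicious(value: str) -> bool:
    """Heuristic SQL-injection check on a decoded parameter value."""
    if SQL_META.search(value):
        return True
    return bool(SQL_KEYWORD.search(value) and re.search("['\"=]", value))


def flag_user2reset(log_text: str) -> list:
    """Return one dict per request whose user2reset value looks like an injection probe."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        query = urlsplit(m["target"]).query
        # parse_qs percent-decodes and turns '+' into spaces: the value the application saw.
        for value in parse_qs(query, keep_blank_values=True).get("user2reset", []):
            if is_suspicious(value):
                hits.append({"ip": m["ip"], "ts": m["ts"], "status": int(m["status"]), "value": value})
    return hits


if __name__ == "__main__":
    for hit in flag_user2reset(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} HTTP {hit['status']} user2reset={hit['value']!r}")
```

This only works while user2reset travels in the query string; if the reset form submits it in a POST body, the access log will not carry the value and the same check has to run on application or WAF logs instead. Rules this simple will produce some false positives, so pair a hit with the response size or status: in the constructed sample the 9031-byte 200 and the 500 stand out against the 512-byte baseline, which is exactly the signal the monitoring guidance above asks for.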

Exploitation status

Public Exploit Available: false

Analyst recommendation

Because exploitation requires no authentication, this vulnerability constitutes a significant risk. Treat remediation as a high priority to prevent exploitation by malicious actors.