CVE-2019-25698

Infor · Kados R10 GreenBee

Kados R10 GreenBee contains an SQL injection vulnerability in the id_to_delete parameter, enabling unauthorized database query manipulation.

Executive summary

The Kados R10 GreenBee application is vulnerable to SQL injection, which could allow an attacker to maliciously modify or delete database records.

Vulnerability

The id_to_delete parameter is not properly sanitized, allowing attackers to inject SQL commands into the application's database queries. This vulnerability allows for unauthorized data manipulation.
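As an added illustration (not Kados's own code; the table, schema and function names are hypothetical), the unsafe pattern the advisory describes beside a hardened version that validates and parameterizes id_to_delete before it reaches the database:

```python
import re
import sqlite3

# Constructed in-memory table standing in for the application's record store.
# The schema is hypothetical; the advisory does not describe Kados's real tables.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE records (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO records VALUES (?, ?)",
                     [(1, "first"), (2, "second"), (3, "third")])
    conn.commit()
    return conn

def delete_record_vulnerable(conn, id_to_delete):
    # The flaw class behind the advisory: the request parameter is spliced into
    # the statement text, so whatever the client sends becomes part of the SQL
    # and can rewrite the WHERE clause instead of supplying one id.
    conn.execute(f"DELETE FROM records WHERE id = {id_to_delete}")
    conn.commit()

_ID_RE = re.compile(r"[1-9][0-9]*")  # positive integer, ASCII digits only

def delete_record_hardened(conn, id_to_delete):
    # 1) Validate: reject anything that is not a positive integer, before the
    #    value is used anywhere. Failed validation is also a useful log signal.
    if not isinstance(id_to_delete, str) or not _ID_RE.fullmatch(id_to_delete):
        raise ValueError("id_to_delete must be a positive integer")
    record_id = int(id_to_delete)
    # 2) Parameterize: the driver binds the value separately from the query
    #    text, so it can only ever be compared against id, never parsed as SQL.
    cur = conn.execute("DELETE FROM records WHERE id = ?", (record_id,))
    conn.commit()
    return cur.rowcount  # number of rows actually deleted

def remaining(conn):
    return conn.execute("SELECT COUNT(*) FROM records").fetchone()[0]
```

The validation step also gives the monitoring advice below something concrete to look for: a rejected id_to_delete value is an event worth logging.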

Business impact

Successful exploitation could result in the loss of data or unauthorized access to system records, leading to significant disruption. The CVSS score of 8.2 indicates a high-severity threat that requires immediate attention from security teams.

Remediation

Immediate Action: Update the Kados R10 GreenBee software to the latest version as directed by the vendor.

Proactive Monitoring: Review database logs for suspicious delete or modification commands that do not align with standard user behavior.

Compensating Controls: Use a Web Application Firewall (WAF) to detect and block malicious SQL injection strings in the id_to_delete parameter.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Prompt remediation is necessary to ensure the integrity of the application's database. IT administrators should verify that all patches are applied to eliminate the risk of exploitation.