CVE-2019-25702

Infor · Kados R10 GreenBee

Kados R10 GreenBee is vulnerable to SQL injection via the id_project parameter, allowing attackers to manipulate database queries.

Executive summary

An SQL injection vulnerability in Infor Kados R10 GreenBee lets an attacker who controls the id_project request parameter alter the SQL statements the application sends to its database, so queries can be made to return or modify data the affected page was never meant to expose.

Vulnerability

This vulnerability exists because the value of the id_project parameter is incorporated into SQL query text without parameterization or validation. A parameter that should only ever be a numeric project identifier can therefore carry SQL syntax (quotes, boolean tautologies, UNION clauses, comment sequences), and that syntax is interpreted as part of the query rather than as a literal value, changing the structure of the statement the backend database executes.
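The following is an added illustration of the flaw class described above, not code from Kados or Infor: the application's real schema, query text and implementation language are not public, so the table, column names and lookup functions here are assumptions. It contrasts a query that splices id_project into the SQL string with the same lookup done through a bound parameter, and adds the input check a numeric identifier should get before the database sees it.

```python
import sqlite3

# Constructed sample data: a minimal "projects" table standing in for the
# application's real schema (unknown). Column names are assumptions.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE projects (id_project INTEGER PRIMARY KEY, name TEXT, owner TEXT)"
    )
    conn.executemany(
        "INSERT INTO projects VALUES (?, ?, ?)",
        [(1, "Alpha", "alice"), (2, "Beta", "bob"), (3, "Gamma", "carol")],
    )
    return conn


def lookup_vulnerable(conn, id_project):
    # The anti-pattern behind the advisory: the request parameter is pasted
    # into the query text, so whatever it contains becomes SQL grammar.
    sql = f"SELECT id_project, name, owner FROM projects WHERE id_project = {id_project}"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, id_project):
    # Hardened form: the value is sent as a bound parameter. A payload such as
    # "2 OR 1=1" is compared as one literal string against an integer column
    # and matches nothing; it can never change the statement's structure.
    sql = "SELECT id_project, name, owner FROM projects WHERE id_project = ?"
    return conn.execute(sql, (id_project,)).fetchall()


def is_valid_id_project(raw):
    # Defence in depth: a project id is a non-negative integer, so reject
    # anything else at the edge instead of relying on the database layer.
    return isinstance(raw, str) and raw.isdigit()


def lookup_safe(conn, raw):
    # Validation plus parameterization: the combination a fix should deliver.
    if not is_valid_id_project(raw):
        raise ValueError("id_project must be a non-negative integer")
    return lookup_parameterized(conn, int(raw))


if __name__ == "__main__":
    db = build_db()
    print(lookup_vulnerable(db, "2"))                    # intended use: one row
    print(lookup_vulnerable(db, "2 OR 1=1"))             # tautology: every row
    print(lookup_vulnerable(db, "0 UNION SELECT type, name, tbl_name FROM sqlite_master"))
    print(lookup_parameterized(db, "2 OR 1=1"))          # bound value: no rows
    print(lookup_safe(db, "2"))
```

The UNION payload shows why "just a project lookup" is still a data-theft path: once the attacker controls the tail of the statement, the result set can be pointed at any table the application's database account can read (here SQLite's own catalogue). The sqlite3 module refuses stacked statements in a single execute call, so this example does not demonstrate data modification, but databases and drivers that allow multiple statements per call make that reachable from the same parameter.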

Business impact

Control over the query lets an attacker read or modify data beyond what the affected page should expose, and, depending on the privileges of the database account the application uses, reach further into the system. The CVSS score of 8.2 reflects that severity and the importance of timely remediation.

Remediation

Immediate Action: Update the Kados R10 GreenBee software to the latest version provided by the vendor.

Proactive Monitoring: Monitor web server and database query logs for id_project values that are not plain integers, for quote characters or SQL keywords appearing in request parameters, and for database errors that follow such requests.

Compensating Controls: Until the vendor fix is deployed, use a Web Application Firewall (WAF) to block requests whose id_project parameter is anything other than a numeric value. A positive rule of that kind is more reliable than a blocklist of SQL keywords, which attackers routinely evade with encoding and comment tricks; either way a WAF is a stopgap, not a substitute for fixing the query.
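As an added example for the monitoring and WAF items above (not tooling from Infor, and not a description of the real Kados URL layout, which this page does not give), the detector below applies the same positive rule a WAF should enforce to web server access logs: it parses each request line, URL-decodes the id_project parameter and flags any value that is not a plain integer. The log lines, hostnames and paths are constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines in Common Log Format. The /kados/project.php
# path and the payloads are illustrative, not taken from the product.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:10:01:02 +0000] "GET /kados/project.php?id_project=42 HTTP/1.1" 200 5120
10.0.0.9 - - [12/Mar/2024:10:01:07 +0000] "GET /kados/project.php?id_project=42%20OR%201%3D1 HTTP/1.1" 200 81920
10.0.0.9 - - [12/Mar/2024:10:01:11 +0000] "GET /kados/project.php?id_project=0%20UNION%20SELECT%201%2C2%2C3-- HTTP/1.1" 500 312
10.0.0.7 - - [12/Mar/2024:10:02:00 +0000] "GET /kados/index.php HTTP/1.1" 200 2048
10.0.0.5 - - [12/Mar/2024:10:02:30 +0000] "GET /kados/project.php?id_project=7&view=full HTTP/1.1" 200 4096
"""

# Common Log Format: client, ident, user, [timestamp], "request", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>\S+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Positive rule: a project identifier is digits only. Anything else is an
# anomaly worth a look, whatever keywords it does or does not contain.
ID_PROJECT_RE = re.compile(r"^\d+$")


def id_project_values(target):
    # parse_qs percent-decodes the query string, so "42%20OR%201%3D1" is
    # inspected as "42 OR 1=1", the form the application itself would see.
    query = urlsplit(target).query
    return parse_qs(query, keep_blank_values=True).get("id_project", [])


def find_suspicious(log_text):
    # Returns one record per request whose id_project is not a plain integer.
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the scan
        for value in id_project_values(m["target"]):
            if not ID_PROJECT_RE.match(value):
                hits.append(
                    {
                        "ip": m["ip"],
                        "ts": m["ts"],
                        "id_project": value,
                        "status": int(m["status"]),
                    }
                )
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} status={hit["status"]} id_project={hit["id_project"]!r}')
```

Two hits from the same client within seconds, one of them followed by a 500 response, is the shape of a probe turning into an attempt, so the status code is kept on each record. The check is deliberately an allow-list on the parameter's expected type rather than a search for SELECT or OR; only requests that never reach the vulnerable query can be counted as blocked, and only a positive rule on id_project gives that guarantee.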

Exploitation status

Public Exploit Available: false

Analyst recommendation

Organizations should ensure that the vendor's security update is applied without delay. Running the application's database account with the least privilege it needs (no access to tables the product does not use, no administrative rights) limits what a successful injection can reach, and monitoring request parameters and database errors as described above shortens the time an exploitation attempt goes unnoticed.