CVE-2019-25704

Infor · Kados R10 GreenBee

Kados R10 GreenBee is susceptible to SQL injection via the filter_user_mail parameter: the value reaches a database query as part of the SQL text, allowing an attacker who can set that parameter to alter the application's database queries.

Executive summary

The Kados R10 GreenBee application contains an SQL injection vulnerability that could lead to unauthorized database access and data compromise.

Vulnerability

The filter_user_mail parameter is not properly sanitized: its value is incorporated into the application's database queries as SQL text rather than passed as a bound parameter, so a single quote, SQL keywords or comment sequences supplied by the attacker change the meaning of the query instead of being treated as a search value.
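The flaw class described above, shown as an added example: a hypothetical users-listing handler that splices filter_user_mail into the query text, beside a parameterized version of the same lookup. This is illustrative code written for this page, not Kados R10 GreenBee source; the SQLite in-memory database, the users table, the LIKE-based search and the function names are assumptions, since the product's actual schema, database engine and query are not published here.

```python
import sqlite3


def make_db():
    # Constructed sample data; the real Kados schema is not known.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, mail TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice@example.com", "admin"),
         (2, "bob@example.com", "user"),
         (3, "carol@example.com", "user")],
    )
    return conn


def filter_users_vulnerable(conn, filter_user_mail):
    # Hypothetical reconstruction of the bug class: the request parameter is
    # concatenated into SQL text, so quotes and keywords in it become part of
    # the statement rather than part of the search value.
    sql = ("SELECT id, mail, role FROM users "
           "WHERE mail LIKE '%" + filter_user_mail + "%'")
    return conn.execute(sql).fetchall()


def filter_users_fixed(conn, filter_user_mail):
    # Parameterized query: the value is bound by the driver and can never
    # change the statement's structure. LIKE metacharacters are escaped too,
    # so the caller cannot widen the pattern with % or _.
    escaped = (filter_user_mail.replace("\\", "\\\\")
               .replace("%", "\\%")
               .replace("_", "\\_"))
    sql = ("SELECT id, mail, role FROM users "
           "WHERE mail LIKE ? ESCAPE '\\'")
    return conn.execute(sql, ("%" + escaped + "%",)).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR 1=1 --"  # tautology plus a comment that swallows the closing quote
    print("vulnerable:", filter_users_vulnerable(db, payload))  # all three rows
    print("fixed:     ", filter_users_fixed(db, payload))       # no rows
```

The vulnerable function turns the payload into WHERE mail LIKE '%x' OR 1=1 --%' and returns every user; the fixed function searches for the payload as a literal string and returns nothing. Binding the value is the fix; escaping LIKE wildcards is a separate, smaller hardening that stops a caller from matching every row with a bare %.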

Business impact

Successful exploitation could give an attacker read access to data in the application database and, depending on the privileges of the database account the application uses, the ability to modify it, which would amount to a significant breach. The CVSS score of 8.2 places the issue in the high-severity band and requires immediate intervention from security teams.

Remediation

Immediate Action: Apply the vendor-provided security patch to the affected system. Parameterized (bound) queries, not input filtering alone, are the correct fix for this class of bug.

Proactive Monitoring: Review web-server, application and database logs for requests in which filter_user_mail contains quote characters, SQL keywords (OR, UNION, SELECT) or comment sequences (--, /*), and for database syntax errors that coincide with such requests; both are typical signs of injection attempts.

Compensating Controls: Until the patch is applied, deploy WAF rules to detect and block SQL injection patterns in the filter_user_mail parameter. Treat this as a stop-gap only: signature-based rules can be bypassed with encoding and keyword variants, so they reduce exposure but do not remove the vulnerability.
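For the monitoring and WAF items above, an added example of the kind of check a practitioner would run: a scan over web-server access-log lines that decodes the filter_user_mail query parameter and flags values carrying common SQL-injection markers. The log lines are constructed for this example, and the request path /users/list and the pattern list are assumptions; this is not a detection rule shipped by Infor or by any WAF vendor.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (Apache/Nginx style); not from any real deployment.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:10:01:02 +0000] "GET /users/list?filter_user_mail=alice%40example.com HTTP/1.1" 200 1532
10.0.0.9 - - [12/Mar/2024:10:01:07 +0000] "GET /users/list?filter_user_mail=x%27+OR+1%3D1+--+ HTTP/1.1" 200 48211
10.0.0.9 - - [12/Mar/2024:10:01:09 +0000] "GET /users/list?filter_user_mail=x%27+UNION+SELECT+1%2Cpassword%2C3+FROM+users--+ HTTP/1.1" 200 9120
10.0.0.5 - - [12/Mar/2024:10:02:11 +0000] "GET /users/list?filter_user_mail=o%27brien HTTP/1.1" 200 1102
"""

# Pulls method and request target out of the quoted request line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Heuristic markers applied to the *decoded* parameter value. Assumed list,
# tuned to keep an apostrophe in a legitimate address (o'brien) from firing.
SQLI_PATTERNS = [
    re.compile(r"'\s*(or|and)\s+[\w']+\s*=\s*[\w']+", re.I),  # ' OR 1=1
    re.compile(r"\bunion\b\s+(all\s+)?\bselect\b", re.I),      # UNION SELECT
    re.compile(r"(--|/\*)"),                                   # SQL comment sequences
    re.compile(r";\s*(drop|delete|update|insert)\b", re.I),    # stacked statements
]


def looks_like_sqli(value):
    """True if the decoded parameter value matches any injection marker."""
    return any(p.search(value) for p in SQLI_PATTERNS)


def scan_log(text, param="filter_user_mail"):
    """Return (client_ip, decoded_value) for each request whose `param` looks injected."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        # parse_qs percent-decodes and turns '+' into spaces, so the patterns
        # see what the application's query builder would have seen.
        query = parse_qs(urlsplit(m.group("target")).query, keep_blank_values=True)
        for raw_value in query.get(param, []):
            if looks_like_sqli(raw_value):
                hits.append((line.split()[0], raw_value))
    return hits


if __name__ == "__main__":
    for ip, value in scan_log(SAMPLE_LOG):
        print(f"{ip}\t{value!r}")
```

Run against the sample, the two requests from 10.0.0.9 are flagged and the two benign lookups (including the apostrophe in o'brien) are not. The same looks_like_sqli check is the shape of a WAF signature, and it shares that approach's limits: it inspects only one parameter name, and double-encoded or keyword-variant payloads will slip past it, which is why it complements a patch rather than replacing one.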

Exploitation status

Public Exploit Available: false

Analyst recommendation

Security teams must prioritize patching this vulnerability to protect the confidentiality and integrity of the application's data. Immediate action is required to reduce the risk of unauthorized database interaction.