CVE-2026-42096

Sparx Systems · Pro Cloud Server

Sparx Pro Cloud Server contains a broken access control vulnerability that allows low-privileged users to execute arbitrary SQL queries.

Executive summary

Sparx Pro Cloud Server is susceptible to a high-risk access control vulnerability that can lead to remote unauthenticated code execution.

Vulnerability

The application performs insufficient permission checks on requests it forwards to the database, so a low-privileged user can run arbitrary SQL. If the system is installed with WebEA, unauthenticated attackers can escalate this flaw to remote code execution in the context of the web server.

Business impact

With a CVSS score of 8.8, this flaw poses an extreme risk to data confidentiality and integrity. Arbitrary SQL execution lets an attacker extract the entire database contents, and RCE gives full control of the application server, so the outcome can be a complete compromise of the system.

Remediation

Immediate Action: Apply security updates provided by the vendor to address the broken access control mechanisms.

Proactive Monitoring: Monitor database query logs for unauthorized or unexpected SQL syntax and review web server access logs for anomalous traffic.

Compensating Controls: Deploy a WAF with rules configured to block SQL injection patterns and restrict external access to the Pro Cloud Server management interfaces.
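The "Proactive Monitoring" control above is easier to operate with something concrete. The following is an added example, not vendor code and not taken from this advisory: it scans database query-log lines and flags statements from the application's low-privileged database account that fall outside the verbs the application is expected to issue, or that carry shapes typical of abuse (stacked statements, UNION, catalog-schema access, comment sequences). The log line format, the account name `ea_app`, and the table names are constructed assumptions; adapt the regex and allowlist to the actual DBMS log format in use.

```python
import re
from dataclasses import dataclass

# Hypothetical query-log format (assumption, not Pro Cloud Server's real format):
#   <timestamp> user=<db account> db=<database> stmt=<SQL statement>
LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) db=(?P<db>\S+) stmt=(?P<stmt>.*)$")

# Database accounts that belong to the application tier (constructed name).
APP_ACCOUNTS = {"ea_app"}

# Statement verbs the application account is expected to issue on its own tables.
ALLOWED_VERBS = {"SELECT", "INSERT", "UPDATE", "DELETE"}

# Statement shapes that should not appear in traffic generated by the application itself.
SUSPICIOUS = [
    ("stacked-statement", re.compile(r";\s*\w")),                     # "...; DROP ..."
    ("union", re.compile(r"\bUNION\b", re.I)),                         # result-set smuggling
    ("catalog-access", re.compile(r"\b(information_schema|sys)\.", re.I)),  # schema enumeration
    ("comment-sequence", re.compile(r"(--|/\*)")),                     # truncating the real query
]

# Constructed sample log; the table names and values are made up for the example.
SAMPLE_LOG = """\
2026-01-10T09:12:01Z user=ea_app db=app_repo stmt=SELECT name, guid FROM app_items WHERE package_id = 12
2026-01-10T09:12:02Z user=ea_app db=app_repo stmt=UPDATE app_items SET note = 'ok' WHERE item_id = 42
2026-01-10T09:12:05Z user=ea_app db=app_repo stmt=SELECT name FROM app_items WHERE item_id = 1 UNION SELECT secret FROM app_secrets
2026-01-10T09:12:06Z user=ea_app db=app_repo stmt=SELECT 1; DROP TABLE app_packages
2026-01-10T09:12:07Z user=ea_app db=app_repo stmt=SELECT table_name FROM information_schema.tables
2026-01-10T09:12:08Z user=ea_app db=app_repo stmt=CREATE USER extra_admin WITH PASSWORD 'x'
2026-01-10T09:12:09Z user=ea_app db=app_repo stmt=SELECT name FROM app_items WHERE item_id = '1' /* probe */
2026-01-10T09:12:10Z user=dba db=app_repo stmt=ALTER TABLE app_items ADD COLUMN extra TEXT
"""


@dataclass
class Finding:
    timestamp: str
    user: str
    reason: str
    statement: str


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def check_statement(user, stmt):
    """Return the list of reasons a statement is anomalous for the given account (empty = fine).

    Only application-tier accounts are held to the allowlist; administrative accounts
    are expected to run DDL and are not flagged here.
    """
    reasons = []
    if user not in APP_ACCOUNTS:
        return reasons
    words = stmt.strip().split(None, 1)
    verb = words[0].upper() if words else ""
    if verb not in ALLOWED_VERBS:
        reasons.append(f"unexpected-verb:{verb}")
    for name, pattern in SUSPICIOUS:
        if pattern.search(stmt):
            reasons.append(name)
    return reasons


def scan_log(text):
    """Scan a block of query-log text and return one Finding per anomalous reason."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line; a production scanner would count these
        for reason in check_statement(rec["user"], rec["stmt"]):
            findings.append(Finding(rec["ts"], rec["user"], reason, rec["stmt"]))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.timestamp} {f.user} [{f.reason}] {f.statement}")
```

The stacked-statement check is deliberately simple and will also fire on a literal `;` inside a string value; treat the output as triage input for the access-log review the advisory recommends, not as a blocking control, and tune the allowlist to the statements the application actually generates.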

Exploitation status

Public Exploit Available: true

Analyst recommendation

The presence of a public exploit makes this a critical priority. Organizations must immediately identify and patch all instances of Sparx Pro Cloud Server. If patching is not immediately feasible, isolate the server from the public internet to prevent unauthenticated exploitation.