← back
CVE-2018-25272

ELBA5 5.8.0 Remote Code Execution via Database Access

CVSS 9.3 CRITICALEPSS 0.4%CWE-326
ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands via the xp_cmdshell stored procedure or add backdoor users to the BEDIENER table.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Elba · ELBA5
public PoCs found1
cve_referencewww.exploit-db.com/exploits/45905unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.elba.athttps://www.exploit-db.com/exploits/45905https://www.vulncheck.com/advisories/elba5-remote-code-execution-via-database-access