HIGH🇵🇱 Wersja polska

CVE-2025-27378

CVSS 8.6v3.1pub. 2026-01-22upd. 2026-02-26

AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
  • Altium On Prem Enterprise Server

    APP
    Altium
    7.0.3 – 7.0.6 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2026-11414CRITICAL10.0PL ✓ten sam produkt

Altium Enterprise Server: hardcoded key + path traversal umożliwiają przejęcie serwera

CVE-2026-11419CRITICAL9.4PL ✓ten sam produkt

Path traversal w Altium Enterprise Server Vault Service — zapis dowolnych plików i RCE

CVE-2026-11420CRITICAL10.0PL ✓ten sam produkt

Path Traversal w Altium Enterprise Server NIS — nieuwierzytelniony RCE

CVE-2025-27380HIGH7.6ten sam produkt

HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authentic...

CVE-2026-1010HIGH8.0ten sam produkt

A stored cross-site scripting (XSS) vulnerability exists in the Altium Workflow Engine due to missing server-s...