CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-57792

CVSS 10.0v3.1pub. 2026-01-28upd. 2026-02-05

Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user input in a web application endpoint. An attacker can supply crafted input that is executed as part of backend database queries. The issue is exploitable without authentication, significantly raising the risk.

🤖 AI Analysis
How it works

The vulnerability results from insufficient validation of user-supplied input data in one of the web application endpoints. An attacker can provide crafted input data which is then included in SQL queries executed on the backend database server. Since the exploit does not require authentication, any remote attacker with access to the application can directly interact with the database. The maximum CVSS score of 10.0 reflects the absence of any technical barriers preventing the attack.

Impact

An attacker can gain unauthorized access to data stored in the database, modify or delete data, and depending on the environment configuration — potentially take control of the database server or escalate privileges in the system.

Mitigation & patch

Explorance Blue should be updated to version 8.14.9 or later as soon as possible. Detailed information is available in the vendor's security notices published on online-help.explorance.com (Security Advisories — January 2026). Until the patch is deployed, it is recommended to restrict application access only to trusted networks and apply WAF rules blocking typical SQL injection payloads.

Who is affected

Explorance Blue in all versions earlier than 8.14.9.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Explorance Blue

    APP
    Explorance
    < 8.14.9
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2025-57794CRITICAL9.1PL ✓ten sam produkt

RCE przez unrestricted file upload w Explorance Blue (panel admina)

CVE-2025-57795CRITICAL9.9PL ✓ten sam produkt

RCE przez podatny upload plików w Explorance Blue (CVE-2025-57795)

CVE-2025-57793HIGH8.6ten sam produkt

Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validati...

CVE-2025-57796MEDIUM6.8ten sam produkt

Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to p...

CVE-2025-52344MEDIUM6.1ten sam produkt

Multiple Cross Site Scripting (XSS) vulnerabilities in input fields in Explorance Blue 8.1.2 allows attackers ...