CVE-2026-25606

Summary

A SQL injection vulnerability has been identified in STER. Improper neutralization of input provided by user into multiple Search Filters allows for SQL Injection attacks. It allows an authenticated attacker to view sensitive data such as data belonging to other users, or any other data that the application itself is able to access

This issue was fixed in version 9.5.

Affected Software

VendorProductVersion RangeStatus
Centralny Instytut Ochrony Pracy - Państwowy Instytut BadawczySTER0 < 9.5affected

Weaknesses

  • CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References