Name of the Vulnerable Software and Affected Versions Galakтиka ERP (affected versions not specified)

Description The issue is related to insufficient access control in the GalSrv directory used in the system's two-tier architecture. An attacker with USERS group privileges can exploit this by placing malicious dll libraries, such as winmm.dll, in the GalSrv directory. These libraries will be loaded instead of the system ones when administrative utilities or user applications are launched, potentially allowing the execution of arbitrary code.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.