PT-2018-7242 · Sage · Sage Xrt Treasury

Published

2018-07-24

·

Updated

2019-10-09

·

CVE-2017-3183

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Sage XRT Treasury version 3
Description: Sage XRT Treasury, a business finance management application, fails to properly restrict database access to authorized users, which may allow any authenticated user to gain full access to privileged database functions. The application determines database privileges from the USER CODE field associated with the querying user instead of from the identity established at login, so the field is effectively client-controlled. By changing the USER CODE value to that of a privileged user, a low-privileged, authenticated user can gain privileged access to the SQL database. A remote, authenticated user can therefore submit specially crafted SQL queries carrying a forged USER CODE and obtain privileged access to the application database.
Recommendations: For Sage XRT Treasury version 3, apply the vendor fix where available. The underlying defect is an authorization flaw, not an input-sanitization problem: the application must derive database privileges from the server-side authenticated session and reject any request whose USER CODE does not match that session, rather than trusting a USER CODE supplied with the query. As a temporary workaround, restrict low-privileged users' ability to reach the SQL database or submit arbitrary queries, and monitor for requests whose USER CODE differs from the authenticated account.
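The flaw class described above, as an added worked example that is not Sage XRT Treasury code: a hypothetical "approve payment batch" handler that keys its privilege check on a USER CODE taken from the request body, beside a hardened version that binds USER CODE to the server-side session and rejects a mismatch. The users, batches, roles, and function names are constructed for illustration.

```python
import sqlite3
from typing import Optional

# Constructed sample data (not from the product): one privileged account and one clerk.
SAMPLE_USERS = [
    ("ADMIN01", "admin"),
    ("CLERK07", "clerk"),
]
SAMPLE_BATCHES = [
    (1, "CLERK07", 1200.00, "pending"),
    (2, "ADMIN01", 98000.00, "pending"),
]


class AuthzError(Exception):
    """Raised when the caller is not allowed to perform the privileged operation."""


def make_db() -> sqlite3.Connection:
    """Build a fresh in-memory SQLite database with the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_code TEXT PRIMARY KEY, role TEXT NOT NULL)")
    conn.execute(
        "CREATE TABLE batches (id INTEGER PRIMARY KEY, owner_code TEXT NOT NULL, "
        "amount REAL NOT NULL, status TEXT NOT NULL)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.executemany("INSERT INTO batches VALUES (?, ?, ?, ?)", SAMPLE_BATCHES)
    conn.commit()
    return conn


def role_for(conn: sqlite3.Connection, user_code: str) -> Optional[str]:
    """Look up the role attached to a USER CODE (None if unknown)."""
    row = conn.execute("SELECT role FROM users WHERE user_code = ?", (user_code,)).fetchone()
    return row[0] if row else None


def status_of(conn: sqlite3.Connection, batch_id: int) -> str:
    """Return the current status of a payment batch."""
    return conn.execute("SELECT status FROM batches WHERE id = ?", (batch_id,)).fetchone()[0]


def approve_batch_vulnerable(conn: sqlite3.Connection, request: dict, batch_id: int) -> str:
    """Vulnerable pattern (hypothetical): privilege is decided by the USER CODE in the request.

    The caller's real identity is never consulted, so a clerk who writes an
    administrator's USER CODE into the request passes the check.
    """
    user_code = request["user_code"]  # attacker-controlled field
    if role_for(conn, user_code) != "admin":
        raise AuthzError(f"USER CODE {user_code} is not privileged")
    conn.execute("UPDATE batches SET status = 'approved' WHERE id = ?", (batch_id,))
    conn.commit()
    return status_of(conn, batch_id)


def approve_batch_fixed(conn: sqlite3.Connection, session: dict, request: dict, batch_id: int) -> str:
    """Hardened pattern: identity comes from the server-side session bound at login.

    A USER CODE in the request body is tolerated only if it equals the session's;
    a mismatch is rejected outright and is worth logging as a probable forgery.
    """
    user_code = session["user_code"]  # set by the server at authentication, never by the client
    if "user_code" in request and request["user_code"] != user_code:
        raise AuthzError("request USER CODE does not match the authenticated session")
    if role_for(conn, user_code) != "admin":
        raise AuthzError(f"USER CODE {user_code} is not privileged")
    conn.execute("UPDATE batches SET status = 'approved' WHERE id = ?", (batch_id,))
    conn.commit()
    return status_of(conn, batch_id)


def demo() -> dict:
    """Run the forgery against both handlers; returns the observed outcomes."""
    forged = {"user_code": "ADMIN01"}       # clerk claims the admin's USER CODE
    clerk_session = {"user_code": "CLERK07"}  # what the server actually knows

    vuln = make_db()
    vuln_result = approve_batch_vulnerable(vuln, forged, 2)  # succeeds: 'approved'

    fixed = make_db()
    try:
        approve_batch_fixed(fixed, clerk_session, forged, 2)
        fixed_result = status_of(fixed, 2)
    except AuthzError as exc:
        fixed_result = f"denied: {exc}"

    return {"vulnerable": vuln_result, "fixed": fixed_result, "fixed_batch_status": status_of(fixed, 2)}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The detection angle follows from the hardened handler: any request whose USER CODE differs from the session identity is a forgery attempt and should be logged and alerted on, since legitimate clients have no reason to send a USER CODE other than their own.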

Fix

Incorrect Authorization

IDOR


Weakness Enumeration

Related Identifiers

CVE-2017-3183

Affected Products

Sage Xrt Treasury